class info emails

This commit is contained in:
Neale Pickett 2013-01-31 14:23:03 -07:00
parent 9f37f1f591
commit f4c24f2b2b
4 changed files with 188 additions and 0 deletions

75
doc/2013-02-TF5/c-hst.txt Normal file
View File

@ -0,0 +1,75 @@
Hi all,
You've been identified as registering for the Host Forensic online track of=
Tracer FIRE 5. We will be conducting a one-day online class and we have s=
plit the group of participants in two. If you're receiving this email, you=
are registered for the Monday session. Wait, you ask what shall I do on T=
uesday? Well, we have an opportunity for you to attend the Incident Coordi=
nator online class. If you are interested in the Incident Coordinator cour=
se, you can email Ben Anderson (brander@sandia.gov<mailto:brander@sandia.go=
v>) or either myself or Dawn Abbott (emails listed below).
We've tried to keep attendees from the same site together on the same day. =
If that didn't occur or for some other reason, and you really need to req=
uest a change to attend the Tuesday online course please send an email to m=
yself (ksnauer@sandia.gov<mailto:ksnauer@sandia.gov>) or to Dawn Abbott (dc=
abbot@sandia.gov<mailto:dcabbot@sandia.gov>).
Also, you will need to have a certain configuration for your computer that =
you'll be using to view and participate in the online course listed below.
Here are the requirements for virtual students of the Host Forensic track (=
most software is available for free or you can use a trial version):
1) You will need a computer running Windows 7 (or a virtual machine ru=
nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en=
-us/download/details.aspx?id=3D15755). The urls are provided below for all=
of the software mentioned:
a. Sleuthkit 3.x or 4.0 ( http://www.sleuthkit.org/sleuthkit/download=
.php )
b. Volatility 2.1 ( https://www.volatilesystems.com/default/volatility=
)
c. Python 2.7.x ( http://www.python.org/download/releases/2.7.3/ )
d. PDF Dissector by Zynamics (optional)
e. Pdfubar ( http://code.google.com/p/pdfubar/ )
f. Jdgui ( http://java.decompiler.free.fr/ )
g. Java jvm ( http://www.java.com/en/download/index.jsp )
h. Ida Pro free version (or commercial if you already have a license) =
http://out7.hex-rays.com/files/idafree50.exe
i. Wireshark ( http://www.wireshark.org/download.html )
j. a hex editor of your choice (example: http://www.hexworkshop.com=
/)
k. Vmware workstation with Windows installed (for testing malcode)
2) A set of headphones (microphone not necessary) so you can listen in=
to your online class if you're sitting in RECOIL facility (Albuquerque hub =
attendees). If you are participating from the Albuquerque hub, you should =
have received a separate email from Dawn Abbott with directions and a map o=
f our location.
The url for attending the online class will be: https://meeting.sandia.gov=
/ksnauer/W2NQ7RB5
Please join the meeting as a guest if you are not a Sandia staff member and=
use the email address you registered with or just your name and organizat=
ion.
See you on Monday.
Thanks,
Kevin Nauer
Sandia National Labs

84
doc/2013-02-TF5/c-icc.txt Normal file
View File

@ -0,0 +1,84 @@
Hi all,
You've been identified as registering for the Incident Coordinator online t=
rack of Tracer FIRE 5 (Online). This is a one-day online class that will b=
e given on Monday and Tuesday. i.e. - The content from Monday will be repe=
ated on Tuesday. Please see the list at the bottom of this email for which=
day you are scheduled for. While I would ask you try and stay with the se=
lected day, the phone bridge will support everyone who requested to attend =
so, if you need to change days, we should be able to accommodate you. Just=
send me an email. (brander@sandia.gov<mailto:brander@sandia.gov>)
You will need to have a certain configuration for your computer and softwar=
e that you'll be using to view and participate in the online course. These=
are listed below:
1) You will need a computer running Windows 7 (or a virtual machine ru=
nning Windows 7) with the Lync Attendee client (http://www.microsoft.com/en=
-us/download/details.aspx?id=3D15755).
a. PlotWeaver: Download at: http://ogievetsky.com/PlotWeaver/
2) A set of headphones (microphone not necessary) so you can listen in=
to your online class if you're sitting in RECOIL facility (Albuquerque hub =
attendees). If you are participating from the Albuquerque hub, you should =
have received a separate email from Dawn Abbott with directions and a map o=
f our location.
The url for attending the online class will be: https://meeting.sandia.gov/=
brander/N5SFHZMN
Please join the meeting as a guest if you are not a Sandia staff member and=
use the email address you registered with (or just your name and organiza=
tion).
In conjunction with Lync, we will be using a phone bridge. Lync audio can =
be problematic, so we will have the phone as a backup.
The phone bridge information:
Phone #: 505-844-1208
Or Toll Free within U.S. #: 1-877-720-1159
Participant code: 186974
Let me know if you have any questions. See you next week.
Ben Anderson
Sandia National Laboratories
brander@sandia.gov
CLASS LIST
Monday Tuesda=
y
Anna Larez Brian B=
randaw
Diane Den Adel Kevin Bivens
Drew Christensen Greg Cisko
Geoffrey Jones Drew Sandqui=
st
Jennifer O'Sullivan Grant Jansen
Jeremy Teuton Jeff Horne
John Senn Julio M=
asia
Lyron Cobbins Mike Sleepe=
r
Jody Malik mjames
Maria Kaneshiro Richard Grand=
y
Mike Cantrell Senteria =
Jones
Patrick O'Connell Steven Smiley
Samuel Clements Timothy Larkin
Seth Thompson Whinston Antio=
n
Tom Hankins Mark Gomez
Frank Sornson Chris Collo=
rd
Craig Bowser
Sean Nixon
Forrest Reed
Nadine Miller
Dave Davis

29
doc/2013-02-TF5/c-mal.txt Normal file
View File

@ -0,0 +1,29 @@
You are registered for the Tracer Fire Malware Reverse Engineering c=
lass starting February 4th at 8:00AM Mountain time.&nbsp; I will be conduct=
ing the class through the GotoWebinar (<a href=3D"http://www.gotomeeting.co=
m/fec/webinar">http://www.gotomeeting.com/fec/webinar</a>)
software. Please check requirements for this tool before you attempt to co=
nnect on Monday morning. On Monday morning I will send out the connection d=
etails for the conference bridge and the link for the webinar connection.
Below are the requirements for participation in the class and labs:<br>
Laptop running VMware Workstation at least version 9. (VMware Fusion on the=
Mac is fine)<br>
Fully configured VMware Workstation Windows 7 virtual machine (An XP image =
will work as well). You must have administrative privileges and be able to =
completely disable AV or remove it on all machines.<br>
If you bring a system with VirtualBox, VMware ESX Server, or anything that =
is not VMware Workstation be aware that some (possibly all) of the labs mig=
ht have problems.<br>
You will need an irc client and the ability to connect to an IRC server on =
the internet. Pidgin is a nice client and tends to work with proxies quite =
well. The IRC server we will be using is irc.oftc.net.&nbsp;
Thanks<br>
Russ<br>