Michael Hamm
Michael Hamm, Operator and analyst at Computer Incident Response Center Luxembourg (CIRCL), c/o "Luxembourg House of Cybersecurity"
Michael Hamm has worked for more than 10 years as Ingenieur-Sécurité in the field of classical Computer and Network Security (Firewall, VPN, AntiVirus) at the research center “CRP Henri Tudor” in Luxembourg. Since 2010, he has been working as an operator and analyst at CIRCL – Computer Incident Response Center Luxembourg where he is working on forensic examinations and incident response.
Session
On a Linux system we will prepare an USB stick with 3 little test files like 'test1.txt', 'test2.txt' and 'test3.txt' with some little test content inside. If connecting the spooky USB stick to a Windows based PC (VM guest) the USB stick is mounted and we see three '.txt' files. But the content is different and doesn't match the content we created on the Linux PC.
Analyzing the stick with different tools leads to confusing results. It does not help to understand what is going wrong here. The idea of this workshop is to provide the students with the knowledge to build their own spooky USB stick.