2025-10-23 –, Hollenfels
Tools, tools, tools: analysts love to have a large collection of forensic tools available to perform the analysis and present the results. Unfortunately, analysts often do not know exactly how the tools arrive at their results. So if a tool fails and presents wrong results, the analyst does not know what went wrong.
This training will start with a little demo: different tools produce different output. Then we will:
1. Read a stream of bits
2. Apply addressing to it
3. Learn to interpret values such as integers, signed integers or ASCII
4. Be able to convert a little-endian value into a big-endian one
5. Apply a data structure on the data
6. Recover data manually
At the end of the training, the attendee will be able to read an MBR/boot sector and read the partition table manually.
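The steps above, carried through on one sector, as an added example that is not part of the training material: it addresses the partition table inside a 512-byte MBR, converts the little-endian fields by hand and applies the 16-byte entry structure. The sample sector and the function names are constructed for this illustration.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE      # partition table starts at byte 446
ENTRY_SIZE = 16           # four entries of 16 bytes each
SIGNATURE_OFFSET = 0x1FE  # boot signature bytes 55 AA at 510..511

def le_to_int(raw: bytes) -> int:
    """Interpret bytes as an unsigned little-endian integer, by hand."""
    value = 0
    for position, byte in enumerate(raw):
        value |= byte << (8 * position)  # byte 0 is the least significant
    return value

def parse_mbr(sector: bytes) -> list[dict]:
    if len(sector) < SECTOR_SIZE:
        raise ValueError("short read: need a full 512-byte sector")
    if sector[SIGNATURE_OFFSET:SIGNATURE_OFFSET + 2] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + index * ENTRY_SIZE:][:ENTRY_SIZE]
        if entry[4] == 0x00:  # type 0x00 marks an unused slot
            continue
        partitions.append({
            "slot": index,
            "bootable": entry[0] == 0x80,
            "type": entry[4],
            "lba_start": le_to_int(entry[8:12]),
            "sectors": le_to_int(entry[12:16]),
        })
    return partitions

def build_sample_mbr() -> bytes:
    """Constructed sample sector, not taken from a real disk."""
    sector = bytearray(SECTOR_SIZE)
    # slot 0: bootable, type 0x83 (Linux), starts at LBA 2048, 204800 sectors
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x83, b"\xfe\xff\xff", 2048, 204800)
    # slot 1: type 0x07 (NTFS/exFAT), starts at LBA 206848, 1048576 sectors
    entry1 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 206848, 1048576)
    sector[TABLE_OFFSET:TABLE_OFFSET + 2 * ENTRY_SIZE] = entry0 + entry1
    sector[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    for part in parse_mbr(build_sample_mbr()):
        print(part, "byte offset:", part["lba_start"] * SECTOR_SIZE)
```

Reading the same four bytes `00 08 00 00` as big-endian gives 524288 instead of 2048, which is the kind of mismatch that shows up when two tools disagree about where a partition starts.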
Since 2010, Michael Hamm has been working as an operator and analyst at CIRCL – Computer Incident Response Centre Luxembourg, where he is working on forensic examinations and incident response.