Digital Forensics with Kimmo

Your box got owned - but how?

Kimmo Linnavuo will teach CinCan digital forensics in my penetration testing course on w17 Tue. Kimmo works as an information security specialist at the Finnish Transport and Communications Agency Traficom. He has taught CinCan at HelSec, FIRST and Disobey.

Audience and Prerequisites

Kimmo will give an online CinCan workshop on week w17 Tuesday 2020-04-21 at 12:00.

The presentation will be in Finnish.

The main audience is my penetration testing course, but the event is open to all Haaga-Helia staff and students. If you're taking my course on configuration management systems, you'll probably enjoy this, too.

To follow the examples, you should be able to work with the Linux command line interface. If you handle actual malware, you should have an idea of how to do it safely.

The video conference will use Jitsi Meet, so you'll need a mic and a webcam.

Software to Install

  • Ubuntu 18.04
  • At least 6 GB RAM, at least 10 GB free disk space
  • cincan-command
  • minion

The exercises will use cincan-command and minion to run the tools needed for the analysis. You will need to set up an Ubuntu 18.04 machine with more than 6 GB RAM and some 10 GB of free disk space to store the analysis artefacts and tools used in the exercises. You will also need to have Docker and Python 3.6 or higher installed on the system.

If you are using VirtualBox, you probably need to create a new virtual machine to have enough RAM. As with any malware analysis, the machine should not have any highly sensitive material.

The CinCan GitLab repositories have more up-to-date details about the requirements and the steps for installing cincan-command and minion.

Updated: I'll keep updating this article as the workshop approaches.