Next Meeting: May 8th, 2008 at 7pm

Date: May 8th, 2008
Time: 7pm
Place: EE1 Building (Electrical Engineering)
Room 403
University of Washington Campus
Subject: Introduction to Digital Forensics (aka Groveling Through File Systems)
Presenters: Hal Pomeranz

While it may not be as sexy as they make it look on TV, there are a number of powerful Open Source tools available for analyzing file systems and recovering data– even data that may have been deleted by the attacker. This talk will start with an overview of the standard Unix file system architecture and discuss tools for imaging file systems, suggest useful idioms for detecting signs of a break-in, and cover how to discover “interesting” data from deleted files and re-assemble that data into an actual file image.


Hal Pomeranz is the founder and technical lead of Deer Run Associates, and has been active in the system and network management/security field for over twenty years. As a senior member of the Faculty for the SANS Institute, Hal developed the SANS “Step-by-Step” course model and currently serves as the track coordinator and primary instructor for the SANS/GIAC Unix Security Certification track (GCUX). In 2001 he was given the SAGE Outstanding Achievement Award for his teaching and leadership in the field of System Administration.