
Portland Linux/Unix Group: Intro to Digital Forensics

Portland State University FAB, Room 86-09
1900 SW Fourth Avenue
Portland, Oregon 97201, US

Access Notes

Building is at 4th and College. Room 86-01 is in the basement; take the elevator or stairs down to the basement and follow the signs.




                      Intro to Digital Forensics
                 (aka Groveling Through File Systems)


                             Hal Pomeranz
                         Deer Run Associates

While it may not be as sexy as they make it look on TV, there are a number of powerful Open Source tools available for analyzing file systems and recovering data, even data that may have been deleted by the attacker. This talk will start with an overview of the standard Unix file system architecture and discuss tools for imaging file systems, suggest a few useful tools and idioms for finding clues in your images, and cover how to discover "interesting" data from deleted files and re-assemble that data into an actual file image.

Hal Pomeranz is the founder and technical lead of Deer Run Associates, and has been active in the system and network management/security field for over twenty years. As a senior member of the Faculty for the SANS Institute, Hal developed the SANS "Step-by-Step" course model and currently serves as the track coordinator and primary instructor for the SANS/GIAC Linux/Unix Security Certification track (GCUX). In 2001 he was given the SAGE Outstanding Achievement Award for his teaching and leadership in the field of System Administration.


(1)  The slides for the presentation are available at:

(2)  Randal Schwartz will do a live cast of this presentation at:
     You can follow along if you have a web browser, 
     and if you register, you can also participate in the chat, 
     and Randal might relay your questions to the speaker.
     The recording of the session will be available afterward 
     at the same address.