DFIR-Train 2023

Workshop Teaching and Training in Digital Forensics and Incident Response (DFIR-Train)

to be held in conjunction with the 18 th International Conference on Availability, Reliability and Security

August 29, 2023

Digital forensics and incident response are crucial elements of today’s IT security ecosystem. Despite all the efforts aimed at prevention of security incidents, they do happen and warrant swift and precise response to avoid catastrophic data loss and operational disruptions. Incident response crucially depends on the skills of engaged stakeholders. Hence, teaching and training in the field of digital forensics and incident response is of paramount importance and requires continuous improvement of curricula and methodology.

In the workshop we will present and demonstrate the new teaching material and training tools developed in the EU Erasmus+ project DFIR-Alliance. The main contribution of our project in the field of security education is its focus on practical DFIR training, built around simulated incident investigation scenarios.  The motivation for such practical focus has been drawn from a study published at the DFRWS 2021 USA conference, identifying the skills needed for incident response practitioners. To demonstrate the importance of practical training for incident response, we will carry out a training session demonstrating the key tools and procedures for a typical incident involving data theft. The training material and the supporting technical infrastructure will be publicly available after the workshop.

Workshop CHairs

Pavel Laskov, University of Liechtenstein, Liechtenstein


Session 1:

  • Skill demand analysis for digital forensics and incident response (30 min). Speaker: Radek Hranicky, Brno University of Technology, Czech Republic.
  • Project contributions: teaching and training material (30 min). Speaker: Pavel Laskov, University of Liechtenstein.
  • Project contributions: technical and instructional infrastructure (30 min), Speaker: John Sheppard, South East Technological University, Ireland.

Session 2:

  • Use case investigation (90 min). In this session, the participants will investigate an “incident” in a virtualized IT environment simulating a small enterprise. An incident scenario will be provided based on a typical pattern an external attack exploiting a database vulnerability. The participants will be guided step by step through the investigation process involving inspection of specific indicators of compromise relevant to this use case.