Thursday — November 15th, 2012 10:00
Thursday — November 15th, 2012 11:00
Thursday — November 15th, 2012 11:15
YARA is more than just a malware classifier. Students will learn the major elements of YARA's rule description language. In four hands-on labs, participants will write their own rules and develop patterns to identify and classify obfuscation techniques as well as hash functions and encryption algorithms.
An Ubuntu-based training environment will be provided. Participants are expected to provide their own laptop, with at least 1 GB RAM free for applications, 10 GB free disk space, and the latest version of VMware (either Workstation, Player, or Fusion) installed. The virtual machine image is available for download from http://r.forens.is/tckyoto.
Andreas Schuster (Deutsche Telekom AG, DE) 
Andreas Schuster has been a Senior Computer Forensic Examiner with the security department of Deutsche Telekom AG since December 2003. Previously he led a commercial computer incident response team and worked in the internet business for about seven years.
Andreas has authored and contributed to several forensic analysis tools. He regularly reverses undocumented data formats like file systems and in-memory information. For his research he was awarded the DFRWS 2006 best paper award and the German IT-Security Award 2008.
Andreas is a member of the Digital Forensic Research Workshop and a reviewer for several scientific journals in the field of digital forensics. He has given trainings to law enforcement and the private sector and has presented at FIRST and other InfoSec conferences.