Program Overview

The FIRST Technical Colloquium (TC) event is restricted to FIRST members only and will be held in March 01-02, 2007.

Thursday, 1 March

Plenary Session Day (March, 1st)
09:00 – 09:30
 US

FIRST update

Mike Caudill (Cisco PSIRT, FIRST Chairman, US)

09:30 – 10:30
 CA

MATH Lab - An essential for CIRT Disaster Recovery

Gerard White (Aliant CSIRT, CA)

10:30 – 11:00

Coffee break

11:00 – 12:00
 US

Recent Experiences with Computer Forensics at OSU

Steve Romig (OSU-IRT — Ohio State University, US)

12:00 – 13:00

Lunch

13:00 – 14:00
 US

Means, Motivations and Mitigation of Insider Threats

Fred Doyle ( iDefense Labs Director - Verisign, US); Roger Weiler (FSISAC Analyst - Verisign, US)

14:00 – 15:00
 US

Wicked Rose and the NCPH (Actor Attribution in China)

Rick Howard (iDefense Intelligence Director - Verisign, US)

15:30 – 16:00

Coffee break

16:00 – 16:30
 US

NetExpect

Eloy Paris (Cisco PSIRT, US)

16:30 – 17:30

Applying the Five Stages of Grief to Incident Response

Friday, 2 March

Hands-On Class (March, 2nd)
09:00 – 10:30
 US

CVSS trainning

Michael Scheck (Cisco CSIRT, US)

 US

Malware analysis workshop

Steve Romig (OSU-IRT — Ohio State University, US)

 CA

MATH (Malware Analysis Treatment & Handling) LAB

Gerard White (Aliant CSIRT, CA)

Strategies for Executable Unpacking

Joe Stewart (SWRX CERT)

Tools and Methodologies for the Analysis of Windows Event Logs

Dan Moor (EDS)

 US

Windows Memory Analysis

Harlan Carvey (IBM, US)

11:00 – 12:00
 US

CVSS trainning

Michael Scheck (Cisco CSIRT, US)

 US

Malware analysis workshop

Steve Romig (OSU-IRT — Ohio State University, US)

 CA

MATH (Malware Analysis Treatment & Handling) LAB

Gerard White (Aliant CSIRT, CA)

Strategies for Executable Unpacking

Joe Stewart (SWRX CERT)

Tools and Methodologies for the Analysis of Windows Event Logs

Dan Moor (EDS)

 US

Windows Memory Analysis

Harlan Carvey (IBM, US)

13:30 – 15:30
 US

CVSS trainning

Michael Scheck (Cisco CSIRT, US)

 US

Malware analysis workshop

Steve Romig (OSU-IRT — Ohio State University, US)

 CA

MATH (Malware Analysis Treatment & Handling) LAB

Gerard White (Aliant CSIRT, CA)

Strategies for Executable Unpacking

Joe Stewart (SWRX CERT)

Tools and Methodologies for the Analysis of Windows Event Logs

Dan Moor (EDS)

 US

Windows Memory Analysis

Harlan Carvey (IBM, US)

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way

16:00 – 17:00
 US

CVSS trainning

Michael Scheck (Cisco CSIRT, US)

 US

Malware analysis workshop

Steve Romig (OSU-IRT — Ohio State University, US)

 CA

MATH (Malware Analysis Treatment & Handling) LAB

Gerard White (Aliant CSIRT, CA)

Strategies for Executable Unpacking

Joe Stewart (SWRX CERT)

Tools and Methodologies for the Analysis of Windows Event Logs

Dan Moor (EDS)

 US

Windows Memory Analysis

Harlan Carvey (IBM, US)

Writing Good Security Advisories: A Hands-On Guide to Delivering Bad News in the Best Possible Way