ISSID Workshop - "Proactive IT Security Incident Response and Data Leakage Investigation"
The ISSG workshop on Proactive IT Security on 18th October was a well-attended event. We were fortunate to have Chief Inspector Paul Jackson of the Hong Kong Police Technology Crime Division presenting. Paul has twenty years' experience in the Police and is very knowledgeable about digital investigations, having been involved in many high-profile cases. He is also President of the High Technology Crime Investigation Association (HTCIA) Asia Pacific Chapter, Vice Chairman of the International Organisation on Computer Evidence (IOCE), a helpful teacher and an entertaining speaker.
The workshop covered malware (especially botnets), incident response, live system forensics and tracing the sources of data leaks. Paul pointed out that the common commercial approach to incident response is aimed at cleaning up and getting systems running again quickly, but that, with a little planning, it is possible to investigate and discover useful information, such as the controllers of zombie machines.
The hands-on part of the workshop was conducted in the safety of virtual machines and covered a wide range of tools, mostly free, for capturing and extracting information in a useful form. The traces left on a machine, for example in the registry, can be very revealing, showing which USB devices were used and when. The final workshop task was running unidentified malware and investigating its actions.
The participants received certificates from HKCS ISSG and the HK Chapter of the HTCIA.