REVISED - Northern California Chapter Meeting (09:30am PT) [Hybrid]
REVISED - Northern California Chapter Meeting (09:30am PT) [Hybrid]
Thursday, February 27, 2025 (9:30 AM - 12:30 PM) (PST)
Description
Accept emails from <no-reply@zoom.us> to get your personalized registration link.
Presenter: Derek Eiri, Cybersecurity Analyst
Topic: Overview of WinFE
1) What is WinFE
2) Why might you want to use WinFE
3) How to build and use WinFE based on Colin Ramsden's WinFE build.
If you want to follow along and leave with a build (Intel) of your own, you'll need:
1) A Windows machine running Windows 10 Pro x64, with a build version of at least 1803.
2) An external drive with sufficient space to acquire a target storage device
3) While we may have internet access, you may want to have the following installation files on your machine:
- 7zip
- FTK Imager 4.7.1 (64-bit) (hint: Wayback machine)
- FTK Imager 3.4.0.1 (32-bit) (hint: Wayback machine)
- Windows 10 ADK: ADK 1803 for 32/64 bit compatibility. If you just need 64 bit, I've tested ADK 2004, which works just fine. Either ADK (1803/2004) need their respective versions' PE add-on.
Bonus: I have permission to distribute Brett Shavers' book on WinFE in PDF if you attend this meeting in person.
Presenter Bio: Derek Eiri is a cybersecurity analyst at a non-profit integrated healthcare system. In this role, he participates in incident response activities and enhances organizational readiness to collect, examine, analyze, and report on data to minimize disruptions to patient care. Previously, Derek held roles in healthcare compliance, privacy, and information security. He was responsible for investigating allegations of unauthorized access or disclosure of protected health information, detecting and preventing fraud, waste, and abuse, and assessing third-party vendors and technology risks. Derek also volunteers as the Secretary for HTCIA's Northern California chapter. In his free time, he tends to chickens, cleans corgi hair off of _everything_, and spends quality time with family.
The in-person part of this hybrid meeting will be held at the California DOJ Bureau of Gambling Control conference room at
2450 Del Paso Road Suite 100
Sacramento, CA United States
You can access the building at the east side entrance (windows are blacked out on the room, on Del Paso Rd side of building). You can park anywhere you’d like on the east or south side of the building (open parking lot).
Images

2450 Del Paso Rd Suite 100
Sacramento, CA 95834 United States