Timeline Analysis Course interest in Midwest?

Any interest?

Cmon everyone, you know you're tired of paying $30-$50 a day to park and sit in awful traffic, eat high priced junk meals, and pay for $300 Motel 5's

Post here if you want, lets get this going.

Indianapolis is a bit far for me (Nebraska) but my interest in the subject is great. I would make a case for going to the higher ups.

Based on some analysis that I've done recently, and as a result of conversations I've had with Corey Harrell, as well as some other folks at work, I've been updating the tools and material for the course.

I think that the biggest thing at the moment is how the edition of category identifiers can really aid in analysis. For example, I recently analyzed a Windows 2008 R2 Server, and kept having to look up the Event IDs. I decided to add the ability to map various event source/ID pairs to a category ID. For example, there are a number of event IDs associated with Terminal Services that identify a logon vs. a logoff vs. a failed logon attempt. Further, there are a number of events from the Windows Event Log as well as from other sources (UserAssist, Prefetch, ShimCache, etc.) that are all associated with program execution. Adding category IDs or "tags" allow the events themselves to be better understood.

PM Sent!

As this training is literally at my back door, I'm very interested!

Thanks!

C

This thread is for loading and unloading of potential attendees of the course, there is no parking in the timeline thread.

(OK bad Airplane take on loading and unloading in a red zone)

Everyone who has PM'd me you have mail. Just waiting on information.