SANS EU Forensic Summit 2010

Three posts in as many days? No your eyes are not deceiving you, I’ve just had a few things to talk about this week.

On 19th and 20th April 2010 the first SANS EU Forensic Summit is taking place in London and I’m going to be speaking. Not only am I speaking but I’ll also be hosting Forensic 4cast in front of a live audience for the first time.

Simon would be joining me but he’ll be away on a cruise. I often say that Simon is an old man trapped in a young man’s body and I think he proves this to me over and over again.

The topic of my talk is “Into the Shadows” in which I’ll be discussing recovering data from Windows Shadow Volumes.  The abstract of my presentation is as follows:

Since their arrival in recent Windows operating systems, volume shadow copies have troubled forensic investigators. Many investigations place less value on, or even ignore items found in these files due to their complexity. The only known way of fully accessing the contents of volume shadow copies consumes a great deal of both time and storage. This can prove costly for investigator and client alike.

I’ve been doing a great deal of research into this and will be sharing my findings with the audience, including how to manually extract files from shadow volumes, how shadow volumes operate, and more.

Other speakers include:

• Jesse Kornblum of Mantech
• Keith Foggon of the FSA
• Ero Carrera of VirusTotal
• Jelle Niemantsverdriet of Verizon Business Security Solutions (friend of 4cast)
• Kristinn Gudjonsson of Information Security

It promises to be a great event (yes, even with me being there) so please register.  More details of the summit can be found here:

http://www.sans.org/eu-forensics-incident-response-summit-2010/

SANS are also offering their great training courses before and after the conference too,  be sure to check them out too.

Forensic 4cast Awards 2010 – Your Opinions

As you are no doubt aware, last year Lee and Simon hosted the first ever Forensic 4cast awards. This proved to be more successful than we could ever have imagined.  What started as a a bit of fun soon became something more. We found that people took this very seriously and the reaction to the awards was incredible. We’ve had offers of companies sponsoring future Forensic 4cast award ceremonies and we’re very grateful (and may even take them up on their offers).

I’m not here to announce when the awards will take place or ask for nominations (even though some people have jumped the gun already), I here to ask your opinion. How would you like the awards to proceed this year? Did you like the way it was organised last year? Should we aim for bigger and better?  Please tell us how you think things should be.

As usual you can contact us through email, twitter, voicemail, text message or comment on this posting. Our contact details are as follows:

• Email lee@forensic4cast.com
• UK Voicemail – 0709 288 9434
• USA Voicemail – (435) 565 4533
• USA SMS – (435) 565 4533
• twitter.com/4cast
• Simon twitter.com/englishgit
• Lee twitter.com/schizophreud.

Episode 26 – Make Mine a DECAF

In this episode we discuss the latest happening with COFEE and DECAF, a new digital forensic magazine called Into The Boxes, an interesting initiative launched by the UK government, and we talk to Dave Melvin and Joe Garcia about their podcasts.

Dave is one of the three hosts of Inside The Core and Joe hosts Cybercrime 101.