The nominations have been tallied and the voting is open for the 2014 Forensic 4cast Awards. But what do you know about the nominees? Why should you vote for them? What great feats have they accomplished in the last year?
I’m glad you asked…
Quotes from submissions are used where appropriate.
Remember to vote here: 2014 Awards voting
Computer Forensic Software of the Year
Internet Evidence Finder
“Internet Evidence Finder (IEF) has enhanced our capabilities for examining Internet History. IEF is the software of choice for recovering Internet artifacts, and we use it on every examination. IEF far surpasses other tools and software we have used in the past 15 plus years doing computer forensics. The recovery of artifacts is fast and reported in a clear and precise manner. I would highly recommend IEF to any Forensic Examiner for their toolkit. Support is excellent, and they always willing to listen to the needs of the Examiner.”
Volatility
“Volatility is the memory analysis framework, hands down. Volatility was nominated last year, but did not win. However, 2013 was a big year for Volatility with the release of the 2.x stable line, and the ability to analyze multiple OS’ including Linux and Mac. Whenever you hear someone say they are analyzing memory, they are using Volatility 99% of the time.”
4n6time
“David <Nides> spends a tremendous amount of time developing outside of work on his personal time 4n6time. I can attest that I have used this on over 20 cases this year and it has saved me many hours of time.”
Digital Forensic Blog of the Year
Hacking Exposed Computer Forensics Blog – David Cowen
“David’s persistence to the 365 blog per day challenge has been admirable. He consistently releases great material and keeps reader interest through his Sunday Funday challenges and giveaways as well as his weekly Forensic Lunch. It’s remarkable that David is able to balance his work life, family life, and the massive amount of time he must spend on his blog. I can’t think of a more deserving individual of this award for 2013.”
Cheeky 4n6 Monkey – Adrian Leong
“Adrian’s blog has been excellent source of blog humour, combined very nicely with DFIR learning. I have learned many arcane concepts from the efforts that he has taken to document through his blog. I think it would be great to recognize his efforts and contributions as DF blog of the year.”
Handler Diaries – Jack Crook
“HandlerDiaries is a blog by Jack Crook who is one of GE’s lead Incident Response handlers. His blog is an outstanding mix of deep technical details (malware writeups, memory forensics usage, etc.) as well as higher level concepts such as organizing teams, stayed focused on particular incidents during hectic business times, and many other challenges faced by people in our industry.”
Phone Forensic Hardware of the Year
UFED Touch
“The UFED provides the highest support for device profiles, lock bypass for over 200 android devices and more.”
“Best tool on the market, best support for all levels of phone support.”
Logicube CellXtract
“Logicube have got this right. Easy to use, quick access to relevant data, and lightweight and portable. I would say that this is the pretender to Cellebrite’s crown.”
Oxygen Forensic Kit
“The tablet makes this whole system extremely intuitive. I was able to pick up the device and use it with virtually no reference to the instructions. It has a wide array of customizable options that make the device collection and investigation workflow a joy.”
Digital Forensics Book of the Year
X-Ways Forensics Practitioner’s Guide – Shavers & Zimmerman
“Obviously a niche book – but it has become one of the most used in my library. I use it so much I bought a digital copy too!”
“Excellent book that should be in every XWF user’s toolkit.”
Computer Forensics InfoSec Pro Guide – Cowen
This is David’s second nomination of 2014. This doesn’t happen by accident. His dedication and attention to detail is exemplary.
“This book goes into the subject matter with amazing precision, and the author doesn’t hesitate to give you his personal opinions about how things really work, instead of just giving a theoretical best scenario environment.”
Placing the Suspect Behind the Keyboard – Shavers
Brett has been a busy boy this year. Two books nominated in the same category. In such a competitive category I think Brett has extremely well to maintain a career, a life, and to produce two great books.
Computer Forensic Hardware of the Year
Tableau T35u
“Tableau finally made a entrance into the USB3 write blocker market with the T35u. I have always preferred Tableau … due to quality control issues, and I can finally add what I consider a more stable product to my arsenal.”
CRU/Wiebetech Ditto Forensic FieldStation
“Even without the USB3 add-on this is an excellent piece of hardware and definitely hits the right price point. This device can image to and from network connections, image hard drives, USB devices, and even has a web-based interface so that you can do all of this remotely. Highly recommended.”
Tableau T3iu Imaging Bay
“This is the fastest imaging device I’ve ever owned. I acquires faster than any previous Tableau device I’ve used and is small enough that it only takes one drive bay on my forensic machine. Great idea. Great product.”
Phone Forensic Software of the Year
Cellebrite Physical Analyzer
“I am nominating the Cellebrite Physical Analyzer tool because it is an absolute “must have†utility for labs working with raw physical flash memory images. Our business performs hundreds of chip-off and JTAG physical extractions each year and in 2014 we have already encountered several phones not supported for parsing. The Cellebrite Physical Analyzer software has a wealth of advanced functionality that allows for in-depth manual analysis and parsing of physical memory images acquired via the chip-off or JTAG process. Additionally, the Cellebrite team is always willing to help support additional device types when a device physical image parsing is unsupported.”
Paraben Device Seizure
“There appears to be a stigma with Paraben products whereby many forensic investigators don’t view it as a serious tools for their arsenal. THIS IS WRONG! The advancements and improvements made by Paraben over the last two years has been noting short of miraculous. I do not leave for an engagement without Device Seizure in my pack. I view it as an absolute necessity.”
Internet Evidence Finder
In an unprecedented move IEF has been nominated for equivalent awards in both the computer and phone software categories. This is due to Magnet Forensics incorporating methods to extract and process internet data stored on smart-phones. This product really puts a spotlight on the increasingly blurred lines between computer and phone forensics.
“Internet Evidence Finder (IEF) is our software of choice for doing advanced recovery of data from cellular telephones. It is affordable, user friendly, time-saving and has excellent support and webinars. They are receptive to ideas and changes from Examiners. I highly recommend IEF for every examiner’s toolkit.”
Digital Forensic Article of the Year
Shellbags Forensics: Addressing a Misconception (interpretation, step-by-step testing, new findings, and more)Â – Pullega
“Dan’s ‘blog article’ is one of the most detailed write-ups regarding Shellbags research I’ve seen in a long time. This blog article is a reminder the dangers of assumptions in forensic exams, why tool validation is critical, and the many things we now know about Shellbags, and what research still needs to be done. Dan’s blog article is being actively updated and is the source of all things Shellbags.”
Python Parser to Recover Deleted SQLite Database Data – DeGrazia
“Great stuff as SQLite databases cross many platforms and devices”
Redline, APT1, and you – we’re all owned – McRee
“Russ shows us that we aren’t all just paranoid, they really are out to get us! The article shows how easy it is to fall victim and why we should be sharpening our skills to find and fix problems as soon as we can.”
Digital Forensic Organization of the Year
Teel Tech
“Bob Elder and Teel Technologies (Canada) has been a leader in JTAG and Chip-Off device examinations. Bob’s selfless assistance has helped in numerous cell phone examinations for this agency and several others. Bob’s research and personal experience has been invaluable. Also, Bob freely shares and teaches others what he has learned. In my opinion Bob has no equal in advanced cell phone examinations.”
Verizon RISK
“The Verizon RISK Team produced the Data Breach Investigations Report once more and successfully handled quite a few large, public, complex investigations.”
SANS
“SANS consistently updates its existing material and works to bring new, relevant material to all of their class attendees. The conferences and other events are always well planned and seldom do I come away from such an event feeling like I’ve not learned something new.
Digital Forensic Investigator of the Year
Santiago Ayala
“Santiago competed against over 80 participants in the SANS NetWars Challenge at CEIC in Orlando on May 21, 2013. He won first place and a SANS Challenge Coin (RMO) for his victory. Santiago is a go-getter in the field and frequently researches new technologies and DFIR methods to improve his team and DFIR in general.”
Bob Elder
“Bob, apart from being one of THE experts on physical/alternative/chipoff/JTAG/BlackBerry mobile forensics, is amazingly helpful on the various groups that he always seems to be actively monitoring. He helps out with JTAG information, chipoff information, BlackBerry and general mobile forensics information constantly. Smart and helpful.”
Alejandro Perez
“Alejandro is an exceptional forensic examiner, not just in his methodology, but his willingness to mentor others. He doesnt just want his engagements to succeed, but also those of his colleagues.”