SANS Forensic Summit

Last week I attended the SANS Forensic Summit in Washington DC. What an experience it was. I got to meet many people for the first time including Mark McKinnon, Joe Garcia, Brian Moran, and Rob Lee (if I listed everyone people would get bored reading, sorry).

The event itself was fantastic I was able to watch presentations given by some of the biggest and best in the field today including Jesse Kornblum, Harlan Carvey, Troy Larson and many others. Mark and I also had the opportunity to give our presentation on Volume Shadow Copies and show a little of what Shadow Analyser will do once we release it. We seem to have gotten some positive feedback from it too. Thanks to the presentation I was even allowed to walk away with on of the SANS ‘Lethal Forensicator’ RMO. It is very nice and more people should carry them.

On the Thursday night we held the second annual Forensic 4cast Awards, the winners have already been listed on here so I won’t do it again but I will say that it was well attended and a lot of fun. I’m working on providing some more footage of the event to post online.

All in all this whole thing was awesome. Well worth attending. Next year’s summit will be moving from Washington DC to Austin, Texas. As you have nearly a year until then it is worth your time making sure that you can attend.

On a side note, while we were in DC Mark and I had the chance to go to see the Iwo Jima memorial and the Arlington Cemetery thanks to our friend Jerod. While the visit didn’t have anything to do with forensics I thought that I would share my feeling about this place.

It is both tragic and inspiring at the same time. Seeing the rows upon rows of graves of those who faithfully served their country until the end humbles me. I think of their contributions to the world, for their shortened lives, and feel not only gratitude but also a deep sense that I need to do more. Why should people like that waste their lives for me to be satisfied with mediocrity? No. I will make sure that, whatever I am and whatever I become, I’ll strive to be the best so that people like them did not, and will not, die in vain.

Now, this DOES apply to forensics. There are many in this field who continue to ‘coast’. They do their work and go home. While this is admirable I fear that it is not enough for the future. We should be actively engaged in researching and presenting our research so that all in the field can benefit from our cumulative knowledge. Let’s not wait for someone else to make the big discoveries, let’s jump in and do it ourselves.

Forensic 4cast Awards – Results #forensicsummit

Last night we held the second annual Forensic 4cast Awards at the SANS Forensic Summit in Washington DC. It was tremendous fun and was broadcast live by SANS on their website. If you want to see their coverage of the event you can do so here https://www.sans.org/webcasts/live-forensic-4cast-awards-ceremony-93653. I will be posting video of the event in the next few days.

The 2010 winners are listed below:

Outstanding Contribution to Digital Forensics – Individual
Rob Lee

Outstanding Contribution to Digital Forensics – Company
SANS

Best Digital Forensics Blog
SANS

Best Digital Forensics Book
Windows Forensic Analysis 2E

Best Digital Forensic Podcast
Inside the Core

Best Computer Forensic Hardware
Tableau T8

Best Computer Forensic Software
FTK Imager

Best Phone Forensic Hardware
Cellebrite UFED

Best Phone Forensic Software
Mobilyze

Digital Forensic Investigator of the Year
Nick Furneaux

Lifetime Achievement
Craig Wilson

4cast Awards – Votes Close Tomorrow

The Forensic 4cast Awards will take place on Thursday evening in Washington DC (have I mentioned that before?) and the voting closes tomorrow. If you have not yet taken the time to place your votes please do. Most of the voting is EXTREMELY close and one or two votes can make all the difference.

You can place your votes here:

http://forensic4cast.com/2010/06/16/forensic-4cast-awards-2010-voting-is-open/

Happy voting!

Shadow Analyser Article by The Register

Greetings all.

As you may (or may not) know Mark McKinnon, Disklabs and I are working together on a project that we call ‘Shadow Analyser’. We have put a lot of time and effort into this and hope to have it released very soon.

This last week The Register published an article about our upcoming software. If you have a few minutes it is well worth a read. It is funny to see my own name being published in such a reputable web page. Maybe I really AM the Amy Winehouse of digital forensics, then again…

Anyway, here’s the link:

http://www.theregister.co.uk/2010/06/30/shadow_analyser_digital_forensics/

Sneak Peak at the Forensic 4cast Awards

Want to know what the awards will look like? I have to admit, these do look pretty darn cool. I think they are very ‘Geek Chic’.

Anyway, here they are. Feedback is appreciated and, if you’re in contention for an award this year – how much more do you want one now? If you’re not in contention for an award – go out and convince people to nominate and vote for you in 2011.

And yes, that is pin-point accurate laser engraving. Nice.

Forensic 4cast Awards – Open to All

This is an important update on the Forensic 4cast Awards.

SANS have announced that both the Forensic Challenge Awards and the Forensic 4Cast Awards will be open to anyone that wishes to attend. This will be the case whether or not you are a delegate for the summit.

This is superb news and I’d like to say a huge thankyou to SANS for making this possible. If you’re going to be in the DC area on July 8 2010 please make sure to stop by and attend the awards. If you can’t be in DC for the awards, I would first ask “WHY NOT?” but then I’d console you and tell you not worry too much as SANS are also pushing the awards out by simulcast. We’ll have the link for you closer to the time but that is awesome. This means that you have no excuse to not attend in some capacity.

I’ve also been informed of the possibility of food (this is yet to be confirmed though). Even if the entertainment of the awards doesn’t entice you to come the food should!

This should be an exceptional event as there all kinds of people will be there, from Rob Lee, to Harlan Carvey, to Mark McKinnon. Its your chance to meet these pillars our our community and to commiserate them when someone else wins their awards

The times for the awards are:

• 630 PM Forensic Challenge Awards
• 730 PM Forensic 4Cast Awards

The events will be held at:

Fairmont Washington DC
2401 M Street, NW
Washington, DC 20037

Now, on to the next item of business… anyone out there willing to perform a song or two for the awards?

Forensic 4cast Awards 2010 – Voting is Open

The nominations have been taken and counted and now we have narrowed down the fields to just a few for voting. You will notice that the ‘Blog Article’ entry has not made the cut. This is because so many people nominated different articles that no two nominations were the same. I know this is the risk of running nominations and I may change the format next year.

You will also notice that the categories will have two, three, or four nominees. This is because the nominations were so close. We didn’t want to pick and choose so we’ve just left it all up to you.

Finally. We’ve decided to take the ‘Lifetime Achievement’ award off. We will still be presenting an award for this but it will be at the discretion of Forensic 4cast. This is likely to be the case for this category from now on.

Anyway, as before we’ve asked that you give your name and email address just so that we can stop people from spamming.

Voting will close on July 6 2010. That’s only three weeks so get voting!

SANS Forensic Summit 2010 – Why you MUST attend

First of all I know that some people will argue about my use of the word ‘must’ but I stand by it. Yes there are other conferences that you can attend but the SANS Forensic Summit will have presentations and panels with some of the most respected people in the fields or digital forensics and incident response. These people will be sharing their real-world experiences with us. The sharing of these experiences means that we can all learn and grow together as a field.

A couple of weeks ago I wrote a post about how there is a growing trend for forensic investigators to feel like they know enough and that there is little else to learn. I defy anyone to attend this summit and walk away not feeling as if they have a lot more to learn.

That being said, what will be discussed at this summit? I’m not going to give a summary of every presentation and panel, but I’m going to provide you with some of the highlights that I’m looking forward to.

Harlan Carvey will be presenting on Registry and Timeline Analysis. If you know Harlan or have used Regripper you know that this is Harlan’s area of expertise. What a tremendous opportunity to learn straight from one of the best in the field.

Jeff Hamm and Robert Shullich are presenting on the dissecting of the exFAT file system. I’m personally very interested to hear all about this.

Troy Larson of Microsoft (a small Seattle -based software company) will be presenting on forensic issues relating to Windows 7. With Windows 7 taking an increased percentage of the OS market we can’t afford to stand by and ignore these issues.

Jesse Kornblum will be presenting on fuzzy hashing. A key method of identifying known data. Should be a great presentation.

And that leaves me. Of course I’m going to talk about  my presentation the most, mostly because I’m a shameless self-promoter, but also because I believe my presentation has significant value. My presentation ‘Shadow Warriors’ will take place from 3:20pm until 4:20pm on the second day. I will be presenting with Mark McKinnon of Red Wolf Computer Forensics. Our presentation will focus on how to manually dissect Microsoft ‘difference files’ (commonly known as volume shadow copies), but this is not all. We will also be demonstrating our upcoming forensic software ‘Shadow Analyser’. It is well worth your time to go to the summit just for this presentation

There are many other reasons to attend but one more item that I want to discuss (again due to the shameless self promotion) is the Forensic 4cast Awards. This event will take place on the evening of the first day and will be fantastic. Speaking of which don’t forget to post your nominations and votes.

The SANS Forensic Summit 2010 will take place on 8th and 9th July 2010 at the Fairmont, Washington DC.  Full details can be found at http://www.sans.org/forensics-incident-response-summit-2010/. Hope to see you there.

Forensic 4cast Awards 2010

That’s right, its that time again. The second annual Forensic 4cast Awards will be held as part of the SANS Forensic Summit in Washington DC on Thursday July 8 2010 at 7:30pm.

Whereas last year Simon and I stood in front of a camera and broadcast the event live, this time a live audience will be in attendance meaning that several of the winners will be there to pick up their awards, give speeches, etc. Yes, you did read that right… there will be actual physical awards presented this year too.

What should you do next?

Well, sadly the nominations for this year’s awards are now closed. Nominations will reopen next year.

Forensic 4cast Named One of 50 Top Criminology Blogs

Yesterday I received an email saying that Forensic 4cast has been named as one of the top 50 criminology blogs by CriminoBlogica. In fact we didn’t just make the top 50, we made number 19!

CriminoBlogica is a high-quality internet resource for people interested in criminology, forensics, and general law enforcement. Their authors write articles focusing on collecting useful criminology resources from all over the web, as well as offering general advice to anyone interested in pursuing a career in criminology.

I take great pride in this website so it is always nice to have some recognition now and again.

The article can be found here:

http://www.mastersincriminology.com/top-50-criminology-blogs.html

Next Page »