The 2010 winners are listed below:

Outstanding Contribution to Digital Forensics – Individual
Rob Lee

Outstanding Contribution to Digital Forensics – Company
SANS

Best Digital Forensics Blog
SANS

Best Digital Forensics Book
Windows Forensic Analysis 2E

Best Digital Forensic Podcast
Inside the Core

Best Computer Forensic Hardware
Tableau T8

Best Computer Forensic Software
FTK Imager

Best Phone Forensic Hardware
Cellebrite UFED

Best Phone Forensic Software
Mobilyze

Digital Forensic Investigator of the Year
Nick Furneaux

Lifetime Achievement
Craig Wilson

Anyway, here they are. Feedback is appreciated and, if you’re in contention for an award this year – how much more do you want one now? If you’re not in contention for an award – go out and convince people to nominate and vote for you in 2011.

And yes, that is pin-point accurate laser engraving. Nice.

SANS have announced that both the Forensic Challenge Awards and the Forensic 4Cast Awards will be open to anyone that wishes to attend. This will be the case whether or not you are a delegate for the summit.

This is superb news and I’d like to say a huge thankyou to SANS for making this possible. If you’re going to be in the DC area on July 8 2010 please make sure to stop by and attend the awards. If you can’t be in DC for the awards, I would first ask “WHY NOT?” but then I’d console you and tell you not worry too much as SANS are also pushing the awards out by simulcast. We’ll have the link for you closer to the time but that is awesome. This means that you have no excuse to not attend in some capacity.

I’ve also been informed of the possibility of food (this is yet to be confirmed though). Even if the entertainment of the awards doesn’t entice you to come the food should!

This should be an exceptional event as there all kinds of people will be there, from Rob Lee, to Harlan Carvey, to Mark McKinnon. Its your chance to meet these pillars our our community and to commiserate them when someone else wins their awards

The times for the awards are:

• 630 PM Forensic Challenge Awards
• 730 PM Forensic 4Cast Awards

The events will be held at:

Fairmont Washington DC
2401 M Street, NW
Washington, DC 20037

Now, on to the next item of business… anyone out there willing to perform a song or two for the awards?

You will also notice that the categories will have two, three, or four nominees. This is because the nominations were so close. We didn’t want to pick and choose so we’ve just left it all up to you.

Finally. We’ve decided to take the ‘Lifetime Achievement’ award off. We will still be presenting an award for this but it will be at the discretion of Forensic 4cast. This is likely to be the case for this category from now on.

Anyway, as before we’ve asked that you give your name and email address just so that we can stop people from spamming.

Voting will close on July 6 2010. That’s only three weeks so get voting!

The first thing you will notice is that this is a very thin computer; it has an aluminium (aluminum for you non-Brits) case.  This is quite slippery so take care not to drop it.
The first thing you will need to do is turn it over.
There are ten screws that need removing (circled below).  The front six screw are the same size; the rear-corner screws are a little longer; the middle-rear screws are longer still.  Keep track of these for putting it back together.

Once the bottom of the case is off you are going to focus your attention on the rear-right corner of the computer (highlighted below).

When you look closer at this corner you can see two ribbon cables.  The first of these is disconnected at ‘A’ by pulling on tab ‘B’ below:

Once this has been completed you will see four more screws (circle below).  The top two screws are easily enough removed, the bottom two screws are partially obscured by a thin wire.  The wire is tucked in the drive cage.  Gently pry the cable away until the screws are exposed and remove the screws.

We are now ready to remove the second ribbon cable.  Gently pull it away (marked in red below) until it is no longer connected.

Removing the drive is not difficult, carefully life the drive cage and slide the hard drive out from underneath.  Do not pull it out from the top or try to remove the drive cage as you may cause irreparable damage.

Once you have removed the drive the drive turn it over and carefully remove the black tape covering the ribbon connection (marked below).

Once the tape has been removed the ribbon connection is exposed.  Carefully pull the ribbon cable out of the connector (marked below).

When finished you should have something the looks like the picture below:

This is a ‘ZIF’ drive.  These drives are commonly found in iPods and ultraportable PCs.  In order to image this drive you will require the following:

• Either a ‘Tableau T14 IDE’ or a ‘Tableau T35e’ write blocking device
• A ‘TDA5-ZIF’ drive adapter kit

Why so specific? Well, Tableau state that the ‘ZIF’ adapter is only guaranteed to work with one of the two Tableaux mentioned above.  I do not want to risk something going wrong so I’ll follow their advice.  Thankfully I had a ‘T35e’ already available.  You can try using this adapter with a different model, or even a different brand of write-blocker, but its not recommended.
Carefully insert the new ribbon (provided with the adapter) into the ribbon connector on the hard drive and then connect the other end of the ribbon into the adapter (see below).  Then plug the adapter into the Tableau.

From this point forward it is exactly the same as acquiring any other hard drive.  The Tableau will pick up the drive allowing you to image as normal.

Hope this is useful to someone out there.