Three posts in as many days? No your eyes are not deceiving you, I’ve just had a few things to talk about this week.
On 19th and 20th April 2010 the first SANS EU Forensic Summit is taking place in London and I’m going to be speaking. Not only am I speaking but I’ll also be hosting Forensic 4cast in front of a live audience for the first time.
Simon would be joining me but he’ll be away on a cruise. I often say that Simon is an old man trapped in a young man’s body and I think he proves this to me over and over again.
The topic of my talk is “Into the Shadows” in which I’ll be discussing recovering data from Windows Shadow Volumes. The abstract of my presentation is as follows:
Since their arrival in recent Windows operating systems, volume shadow copies have troubled forensic investigators. Many investigations place less value on, or even ignore items found in these files due to their complexity. The only known way of fully accessing the contents of volume shadow copies consumes a great deal of both time and storage. This can prove costly for investigator and client alike.
I’ve been doing a great deal of research into this and will be sharing my findings with the audience, including how to manually extract files from shadow volumes, how shadow volumes operate, and more.
Other speakers include:
- Jesse Kornblum of Mantech
- Keith Foggon of the FSA
- Ero Carrera of VirusTotal
- Jelle Niemantsverdriet of Verizon Business Security Solutions (friend of 4cast)
- Kristinn Gudjonsson of Information Security
It promises to be a great event (yes, even with me being there) so please register. More details of the summit can be found here:
SANS are also offering their great training courses before and after the conference too, be sure to check them out too.