• SANS EU Forensic Summit 2010

    Posted on January 23, 2010 by Lee Whitfield in News.

    Three posts in as many days? No your eyes are not deceiving you, I’ve just had a few things to talk about this week.

    On 19th and 20th April 2010 the first SANS EU Forensic Summit is taking place in London and I’m going to be speaking. Not only am I speaking but I’ll also be hosting Forensic 4cast in front of a live audience for the first time.

    Simon would be joining me but he’ll be away on a cruise. I often say that Simon is an old man trapped in a young man’s body and I think he proves this to me over and over again.

    The topic of my talk is “Into the Shadows” in which I’ll be discussing recovering data from Windows Shadow Volumes.  The abstract of my presentation is as follows:

    Since their arrival in recent Windows operating systems, volume shadow copies have troubled forensic investigators. Many investigations place less value on, or even ignore items found in these files due to their complexity. The only known way of fully accessing the contents of volume shadow copies consumes a great deal of both time and storage. This can prove costly for investigator and client alike.

    I’ve been doing a great deal of research into this and will be sharing my findings with the audience, including how to manually extract files from shadow volumes, how shadow volumes operate, and more.

    Other speakers include:

    • Jesse Kornblum of Mantech
    • Keith Foggon of the FSA
    • Ero Carrera of VirusTotal
    • Jelle Niemantsverdriet of Verizon Business Security Solutions (friend of 4cast)
    • Kristinn Gudjonsson of Information Security

    It promises to be a great event (yes, even with me being there) so please register.  More details of the summit can be found here:

    http://www.sans.org/eu-forensics-incident-response-summit-2010/

    SANS are also offering their great training courses before and after the conference too,  be sure to check them out too.

3 Responsesso far.

  1. […] This post was mentioned on Twitter by sansforensics and Big Kahuna, Forensic 4cast. Forensic 4cast said: New Post: I'll be at the SANS EU Forensic summit. Will you? http://forensic4cast.com/?p=515 […]

  2. Lee, that is really great that you are doing some public speaking. The shadow volume topic looks interesting. Doing this presentation can only increase your reputation in the computer forensics community.

    As for Waldo, we can only wish him a entertaining punt down the Thames. http://www.citycruises.com/ On a pensioner’s dole of £84 per week, he might not be able to afford a roundtrip http://www.globaltraveldeals.co.uk/index.phtml?command=super-deals-details&id=2199.

  3. […] hashing, Keith Foggon’s discussions about trends and techniques and Lee Whitfield’s Windows Shadow Volumes […]

Leave a Reply

Your email address will not be published. Required fields are marked *