SANS EU Forensic Summit 2010


Three posts in as many days? No your eyes are not deceiving you, I’ve just had a few things to talk about this week.

On 19th and 20th April 2010 the first SANS EU Forensic Summit is taking place in London and I’m going to be speaking. Not only am I speaking but I’ll also be hosting Forensic 4cast in front of a live audience for the first time.

Simon would be joining me but he’ll be away on a cruise. I often say that Simon is an old man trapped in a young man’s body and I think he proves this to me over and over again.

The topic of my talk is “Into the Shadows” in which I’ll be discussing recovering data from Windows Shadow Volumes.  The abstract of my presentation is as follows:

Since their arrival in recent Windows operating systems, volume shadow copies have troubled forensic investigators. Many investigations place less value on, or even ignore items found in these files due to their complexity. The only known way of fully accessing the contents of volume shadow copies consumes a great deal of both time and storage. This can prove costly for investigator and client alike.

I’ve been doing a great deal of research into this and will be sharing my findings with the audience, including how to manually extract files from shadow volumes, how shadow volumes operate, and more.

Other speakers include:

  • Jesse Kornblum of Mantech
  • Keith Foggon of the FSA
  • Ero Carrera of VirusTotal
  • Jelle Niemantsverdriet of Verizon Business Security Solutions (friend of 4cast)
  • Kristinn Gudjonsson of Information Security

It promises to be a great event (yes, even with me being there) so please register.  More details of the summit can be found here:

http://www.sans.org/eu-forensics-incident-response-summit-2010/

SANS are also offering their great training courses before and after the conference too,  be sure to check them out too.


3 responses to “SANS EU Forensic Summit 2010”

  1. Lee, that is really great that you are doing some public speaking. The shadow volume topic looks interesting. Doing this presentation can only increase your reputation in the computer forensics community.

    As for Waldo, we can only wish him a entertaining punt down the Thames. http://www.citycruises.com/ On a pensioner’s dole of £84 per week, he might not be able to afford a roundtrip http://www.globaltraveldeals.co.uk/index.phtml?command=super-deals-details&id=2199.

Leave a Reply to IR and forensic talk » SANS EU Forensics Summit Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.