First of all I know that some people will argue about my use of the word ‘must’ but I stand by it. Yes there are other conferences that you can attend but the SANS Forensic Summit will have presentations and panels with some of the most respected people in the fields or digital forensics and incident response. These people will be sharing their real-world experiences with us. The sharing of these experiences means that we can all learn and grow together as a field.
A couple of weeks ago I wrote a post about how there is a growing trend for forensic investigators to feel like they know enough and that there is little else to learn. I defy anyone to attend this summit and walk away not feeling as if they have a lot more to learn.
That being said, what will be discussed at this summit? I’m not going to give a summary of every presentation and panel, but I’m going to provide you with some of the highlights that I’m looking forward to.
Harlan Carvey will be presenting on Registry and Timeline Analysis. If you know Harlan or have used Regripper you know that this is Harlan’s area of expertise. What a tremendous opportunity to learn straight from one of the best in the field.
Jeff Hamm and Robert Shullich are presenting on the dissecting of the exFAT file system. I’m personally very interested to hear all about this.
Troy Larson of Microsoft (a small Seattle -based software company) will be presenting on forensic issues relating to Windows 7. With Windows 7 taking an increased percentage of the OS market we can’t afford to stand by and ignore these issues.
Jesse Kornblum will be presenting on fuzzy hashing. A key method of identifying known data. Should be a great presentation.
And that leaves me. Of course I’m going to talk about my presentation the most, mostly because I’m a shameless self-promoter, but also because I believe my presentation has significant value. My presentation ‘Shadow Warriors’ will take place from 3:20pm until 4:20pm on the second day. I will be presenting with Mark McKinnon of Red Wolf Computer Forensics. Our presentation will focus on how to manually dissect Microsoft ‘difference files’ (commonly known as volume shadow copies), but this is not all. We will also be demonstrating our upcoming forensic software ‘Shadow Analyser’. It is well worth your time to go to the summit just for this presentation 😉
There are many other reasons to attend but one more item that I want to discuss (again due to the shameless self promotion) is the Forensic 4cast Awards. This event will take place on the evening of the first day and will be fantastic. Speaking of which don’t forget to post your nominations and votes.
The SANS Forensic Summit 2010 will take place on 8th and 9th July 2010 at the Fairmont, Washington DC. Full details can be found at http://www.sans.org/forensics-incident-response-summit-2010/. Hope to see you there.