Hello Reader,
It's Saturday! Time to rock out with your dongle out as we get down to some forensic goodness.
1. We had the third and final IR roundtable on the forensic lunch yesterday, watch it here http://www.youtube.com/watch?v=7UZnJ5m5aLc and make sure to tune in live next week 11/1/2013 at noon central.This week we covered the end of the IR lifecycle with remediation, how to communicate with teams during an IR and more.
2. If you use both Encase and IEF make sure to read this post on creating logical evidence files from the data recovered by IEF so it can be brought in directly, http://www.forensicfocus.com/News/article/sid=2108/.
3. Lance Mueller has a good post up listing out those tools he makes use of and establishing a hierarchy of tools in his arsenal, http://www.forensickb.com/2013/10/what-tier-2-tier-3-tools-do-you-load-on.html, its a good way to think about the tools you use and please comment on Lance's post if you use any additional tools.
4. I read the cyb3rcrim3 blog but only really include it here with it involves an interesting civil case, this week we have a winner http://cyb3rcrim3.blogspot.com/2013/10/the-contractor-login-and-computer.html. This case involves a dispute between a contract developer and his client and the rash steps he took when he didn't receive payment, namely locking his client out of the system he developed for them. This is a good read with many implications for those of you freelancing out there to remind you not to give in to that bad idea.
5. If you are doing IR and want to be able to search for possible exploits to known ports/errors within logs on systems you are triaging Corey has a new custom Google search for you called Vulnerability Search http://journeyintoir.blogspot.com/2013/10/re-introducing-vulnerability-search.html.
6. Lastly this week a short article from DFI News talking about ways to become a more credible witness, http://www.dfinews.com/articles/2013/10/gain-credibility-courtroom, I'll want to talk about this more next week :)
Stay tuned for another Sunday Funday tomorrow!
It's Saturday! Time to rock out with your dongle out as we get down to some forensic goodness.
1. We had the third and final IR roundtable on the forensic lunch yesterday, watch it here http://www.youtube.com/watch?v=7UZnJ5m5aLc and make sure to tune in live next week 11/1/2013 at noon central.This week we covered the end of the IR lifecycle with remediation, how to communicate with teams during an IR and more.
2. If you use both Encase and IEF make sure to read this post on creating logical evidence files from the data recovered by IEF so it can be brought in directly, http://www.forensicfocus.com/News/article/sid=2108/.
3. Lance Mueller has a good post up listing out those tools he makes use of and establishing a hierarchy of tools in his arsenal, http://www.forensickb.com/2013/10/what-tier-2-tier-3-tools-do-you-load-on.html, its a good way to think about the tools you use and please comment on Lance's post if you use any additional tools.
4. I read the cyb3rcrim3 blog but only really include it here with it involves an interesting civil case, this week we have a winner http://cyb3rcrim3.blogspot.com/2013/10/the-contractor-login-and-computer.html. This case involves a dispute between a contract developer and his client and the rash steps he took when he didn't receive payment, namely locking his client out of the system he developed for them. This is a good read with many implications for those of you freelancing out there to remind you not to give in to that bad idea.
5. If you are doing IR and want to be able to search for possible exploits to known ports/errors within logs on systems you are triaging Corey has a new custom Google search for you called Vulnerability Search http://journeyintoir.blogspot.com/2013/10/re-introducing-vulnerability-search.html.
6. Lastly this week a short article from DFI News talking about ways to become a more credible witness, http://www.dfinews.com/articles/2013/10/gain-credibility-courtroom, I'll want to talk about this more next week :)
Stay tuned for another Sunday Funday tomorrow!