Short post this week, as yours truly is under the weather. I hate colds, but they are far more miserable in the summer when the weather is beautiful.
It's con season. Last week was SANSFire, and this week started off with the Pen Test Summit and FIRST, and in the coming weeks we'll see the Forensics Summit (details below), Black Hat and Defcon. I love this time of year and can't wait to see what great tools and discoveries will be released in the coming months.
Tools:
- For anyone who has ever had to dig through the registry piecing together information about various USB devices that have been plugged into a system, here's a useful tool that will do the heavy lifting for you. That link will take you to a post that discusses the various registry artifacts in play and includes a link to the tool.
- Mandiant has released a new version of their Web Historian. The product now parses history for Firefox versions 2 and 3, Chrome and IE 5 - 8. I haven't had time to play with this yet, but have used the previous version. The broader browser support in this version will make it worth a look.
Good Reads:
- This week is the annual Forum of Incident Response and Security Teams Conference in Miami, FL. There are a number of Security Twits at the conference who are using the hashtag #first2010 on Twitter. For some interesting reading, check out the tweets. The full conference program is available online; you can go there for more details on the presentations. I don't know if videos or slides will be released.
News:
- The U.S. Supreme Court has ruled in favor of a California Police Chief who read the transcripts of his employee's text messages. News of the ruling doesn't surprise me. These were not personal devices being used to send messages; rather, they were paid for by the Police Department. If you want to keep your personal messages private, use your own personal device.
- Voting has begun for the 2010 Forensic 4Cast Awards. Last year's awards show was great fun and this year promises to be even better with the awards taking place in conjunction with this year's SANS What Works in Forensics and Incident Response Summit. As they say in Chicago, vote early and vote often.
Coming Events:
- SEC/FOR 408: Computer Forensic Essentials June 14th through June 18th in Salt Lake City.
- Gartner Security & Risk Management Summit 2010, 21 — 23 June 2010, Washington, DC [Note: your humble blogger will be covering the conference on The CyberJungle radio program]
- SEC/FOR 408: Computer Forensic Essentials July 26th through July 30th in Scottsdale.
- SEC/FOR 508: Computer Forensics Investigations and Incident Response July 5 through July 10; Den Haag.
- SANS What Works in Forensics and Incident Response Summit 2010 July 8th and 9th in Washington DC with Post Summit Courses available as well.
- DefCon — The World's Largest Hacker Conference, July 30th — August 1, Las Vegas
Digital Forensics Case Leads for 20100617 was compiled by Dave Hull, holder of many certs, wearer of many hats including incident responder, forensicator in the Fortune 500 and Community SANS Instructor.