SANS Digital Forensics and Incident Response Blog

Tools

• ElcomSoft has updated their iPhone Password Breaker to support iOS 4.

Good Reads:

• Dominik Weber of Guidance Software has a very interesting writeup regarding acquisition of flash drives. The wear-leveling technology that is incorporated to extend the lifetime of flash devices can cause apparently random changes in hash values between acquisitions of the device, so it's important to take this into account. With the increasing popularity of SSD drives in computers, this will likely become increasingly important.

News:

• Not to be outdone by Guidance Software's acquisition of Tableau, Access Data announced that it is merging with CT Summation to provide an end-to-end software solution for eDiscovery.
• The forensics certification world is getting more crowded; CyberSecurity Institute is now offering CyberSecurity Forensic Analyst (CSFA) certification, adding more urgency for the need for consolidation and unification in the certification area.
• The Digital Forensics Certification Board is also working on a unifying certification; this one bears a lot of promise, especially considering the high quality of expertise backing it. More info on this one available here.
• Apple has an online seminar titled Mac for Computer Forensics & e-discovery - register and view the webinar here.
• Mobile Forensics World was held in Chicago 4-8 May. Photos and copies of presentations are now available.
• I'm reading Eoghan Casey's excellent book Digital Evidence and Computer Crime to prepare for the CCE exam later this summer. I spoke to Eoghan at SANSFire in Baltimore and he is hard at work on a new (third) edition of this book, and hopes to have it finished and ready for order by the end of the year. Great news - this is a book that belongs in your library if you don't already have it.
• Syngress (part of Elsevier) is seeking proposals on Legal Guide to Digital Forensics. The proposal form is here. For more information, contact @angelinaward.

Coming Events:

• Gartner Security & Risk Management Summit 2010, 21 — 23 June 2010, Washington, DC [Note: Dave Hull will be covering the conference on The CyberJungle radio program]
• FOR 408: Computer Forensic Essentials 26-30 July in Scottsdale AZ.
• FOR 508: Computer Forensics Investigations and Incident Response 5 - 10 July; Den Haag, Netherlands.
• Time is running out to participate in the 6th Network Forensics Puzzle Contest! Winners will be announced at the Forensics Summit.
• SANS What Works in Forensics and Incident Response Summit 2010 8 & 9; Washington DC. All the post-summit courses are sold out, but waiting lists are available.
• DefCon — The World's Largest Hacker Conference, Las Vegas July 30th — August 1, Las Vegas [Note: Ira Victor will be covering the conference on The CyberJungle radio program]
• FOR 408 Computer Forensics Essentials at SANS Boston, 2-9 August.
• FOR 508 Computer Forensic Investigations and Incident Response at SANS Portland 23-28 August.
• FOR 558 Network Forensics at SANS Virginia Beach 29 August - 2 September.

(A word to the wise: The Forensics classes are some of the most popular SANS classes, and they often sell out quickly. Be sure to sign up promptly to avoid disappointment!)

Digital Forensics Case Leads for 20100624 was compiled by Ray Davidson, PhD, CISSP, GFCA, ETC, assistant professor at Purdue Calumet, SANS Mentor and serial facilitator, and principal at Vigil Inc.