In this week's SANS Case Leads, we have a Python script for parsing the Master Boot Record, a question of USB drive serial number uniqueness, some VSC goodness and some other stuff ;-)
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.
Tools:
- Jamie Levy (@gleeda) posted a script she wrote that parses the MBR to help find MBR infectors. Read Jamie's blog post. Grab the script here.
- Jason Hale came up with a GUI front-end, called VSC Toolset, for Corey Harrell's batch scripts used to rip/examine Volume Shadow Copies.
- DEFT Linux 7.1 was released earlier this month. Read the announcement.
Good Reads:
- Mike Ahrendt gave some insight into his experience with his Education in Digital Forensics
- A new blog called Malware Analysis Blog has a tutorial on how to isolate your analysis VM from your host machine. Read about it here.
- Interesting post on the digfor blog regarding the uniqueness of USB Flash drive serial numbers.
- Harlan Carvey posted his thoughts on how specializing in sub-disciplines within Digital Forensics is not really such a good idea. Read the post titled Convergence.
Links:
- Chad Tilbury (@chadtilbury) put together a Memory Forensics Cheat Sheet which focuses on the use of Volatility. Grab version 1.0 here.
Levity:
- The Oatmeal has posted its State of the Web, Spring 2012 Edition.
Coming Events:
- SANS Cyber Guardian 2012 - Baltimore, MD - April 30 - May 7, 2012
- SANS AppSec 2012: Summit & Training - Las Vegas, NV - April 24 - May 2, 2012
- 7th ACM Symposium on Information, Computer and Communications Security - Seoul, South Korea - May 1 - 3, 2012
- SANS Secure Europe 2012 Amsterdam - Amsterdam, Netherlands - May 5 - 19, 2012
- AccessData User's Conference - Las Vegas, NV - May 08 - 10, 2012
- SANS Security West 2012 - San Diego, CA - May 10 - 18, 2012
- 14th Information Hiding Conference - Berkeley, CA - May 15 - 18, 2012
- IEEE Symposium on Security & Privacy - San Francisco, CA - May 20 - 23, 2012
- Computer Enterprise and Investigation Conference - Summerlin, NV - May 21 - 24, 2012
- SANS Brisbane 2012 - Brisbane, Australia - May 21 - 26, 2012
- 2012 ADFSL Conference on Digital Forensics, Security and Law - Richmond, VA - May 30 - 31, 2012
- Techno Security 2012 - Myrtle Beach, SC - June 03 - 06, 2012
- Mobile Forensics Conference - Myrtle Beach, SC - June 03 - 06, 2012
- 27th IFIP International Information Security and Privacy Conference - Heraklion, Crete, Greece - June 04 - 06, 2012
- Audio Engineering Society Audio Forensics - Denver, CO - June 14 - 16, 2012
- 24th Annual FIRST Conference - Malta - June 17 - 22, 2012
- SANS Forensics and Incident Response Summit - Austin, TX - June 20 - 27, 2012
- SANS Canberra 2012 - Canberra, Australia - July 2 - 10, 2012
- SANSFIRE 2012 - Washington, DC - July 6 - 15, 2012
- Symposium On Usable Privacy and Security (SOUPS 2012) - Washington, DC - July 11 - 13, 2012
Call For Papers:
- 7th USENIX Workshop on Hot Topics in Security (HotSec '12) - Due May 07, 2012
- 7th IEEE LCN Workshop on Security In Communication Networks - Due May 12, 2012
- Grrcon - Due June 01, 2012
- Applied Computer Security Applications Conference - Due Jun 01, 2012
- 4th International Conference on Digital Forensics & Cyber Crime - Due Jun 01, 2012
- IEEE International Workshop on Information Security and Forensics - Due Jun 24, 2012
- 2012 secau Security Congress - Due Sep 30, 2012
Joe Garcia is a Law Enforcement Officer with over 18 years of experience, the last 6 of which he has been assigned to conduct computer crime investigations and digital forensic examinations. He holds the GIAC GSEC Gold, GCIH & GCFA Silver and AccessData ACE certifications. You can follow Joe on Twitter at @jgarcia62.