In this week's SANS Case Leads, new tool pyMFTGrabber is out, a MiniFlame has been lit, learning a language and more.
If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to firstname.lastname@example.org
- The Sleuth Kit (TSK) 4.0 is out here.
- The Autopsy Forensic Browser is now at version 3.0
- pyMFTGrabber. grabs the MFT off a live, running NTFS system and sends it to a waiting netcat listener.. Here is a demo video on YouTube. showing the usage of this tool
- Harlan Carvey writes about his motivations behind creating Forensic Scanner. Read it here.
- Researchers at Kasperky Lab have discovered a new nation-state sponsored malware and are calling it MiniFlame.. This malware has ties to 2 other previously discovered espionage tools, Flame and Gauss.
- Over on the Journey Into Incident Response blog, Corey has posted an article titled "So You Wanna Be A DFIR Blogger". He shares his thoughts on what it takes to maintain a successful DFIR-related blog and gives some insight into what he learned in creating & maintaing his.
- Looks like the Tesla museum is going to be built at Wardenclyffe. The property on Long Island (NY) has already been purchased.
- There are those of us who have been attempting to or wanting to learn a programming language in an effort to help not only our examinations, but also the Digital Forensic Community at large. I just so happen to have fallen on the Python side of the fence, for no reason other than it seems to be a bit more structured than Perl and would probably be a bit easier for me to learn. I could care less about the Python/Perl "war". That said here are some links/things that can help you in your desire to learn programming.
- New book due out titled Violent Python by TJ O'Connor. I do not know the author, but the product description mentions "This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts." Might be helpful to those of us out there looking for a little nudge in getting ideas in writing our scripts.
- Check out Coursera from time to time. They have programming classes (free, registration required). I, and a few others, are currently enrolled in the "Learn to Program: The Fundamentals" course, which happens to use Python 3. I like the class so far and am planning on taking the follow up course.
- Finally, if anyone is interested in learning Python I have assembled a few Python related resources and I'm willing to share them. Just send me a DM and I'll share the Dropbox folder with you.
- E-Discovery Ireland conference Dublin, Ireland - Oct 26, 2012
- 4th International Conference on Digital Forensics & Cyber Crime - West Lafayette, IN - Oct 24 - 28, 2012
- SANS Chicago 2012 - Chicago, IL - Oct 27 - Nov 5, 2012
- Paraben Forensic Innovations Conference - Park City, UT - Nov 3- 7, 2012
- SANS San Diego 2012 - San Diego, CA - Nov 12 - 17, 2012
- SANS San Antonio 2012 - San Antonio, TX - Nov 27 - Dec 2, 2012
- Forensics@NIST 2012 - Rockville, MD - Nov 28 - 30, 2012
- IEEE International Workshop on Information Forensics and Security - Tenerife, Spain - Dec 2 - 5, 2012
- 2012 secau Security Congress - Perth, Western Australia - Dec 3 - 5, 2012
- SANS Cyber Defense Initiative 2012 - Washington, DC - Dec 7 - 16, 2012
- SANS Mobile Device Security Summit - Anaheim, CA - Jan 7 - 14, 2013
- SANS Virtualization & Cloud Computing Summit - Anaheim, CA - Jan 7 - 14, 2013
Call For Papers:
- 10th Australian Digital Forensics Conference - Due Sep 30, 2012
Joe Garcia is a Law Enforcement Officer with over 18 years of experience, the last 6 of which he has been assigned to conduct computer crime investigations and digital forensic examinations. He holds the GIAC GSEC Gold, GCIH & GCFA Silver certifications. You can follow Joe on Twitter at @jgarcia62