SANS Digital Forensics and Incident Response Blog: Author - Eric Huber

Stop, Children, What's That Sound?

Making Use of a Super Timeline

I won't go over how to create a Super Timeline since Rob has already covered that at a high level on the SANS Digital Forensics Blog. What I've been working on recently is how to best make use of the resulting timeline. I have also discovered some interesting artifacts that never occurred to me to consider as part of a timeline.

What I've learned is that creating a Super Timeline is only the beginning of timeline analysis. Because the Super Timeline method captures so many time stamps, it is likely that a Super Timeline will contain too many entries to manually review line by line, especially if an examiner creates a timeline for an entire drive image. The challenge is to be able to pin down what portions of that timeline are relevant to the examination at hand.

What I recommend

...


Forensic 4cast Award Results

Lee Whitfield of Forensic 4cast presented the 2nd annual Forensic 4cast awards last night at the SANS Forensics and Incident Response Summit. You can find the SANS webcast of the awards here. The actual awards were provided by the fine people at Disklabs. Thanks very much to Lee Whitfield and Disklabs for everything they did to bring the awards together!

Outstanding Contribution to Digital Forensics - Individual
Rob Lee

Outstanding Contribution to Digital Forensics - Company
SANS

Best Digital Forensics

...


Forensic 4cast Awards Voting Has Opened

The voting has opened for the Forensic 4cast awards. You can cast your votes here.

The voting will close on July 6th and the winners will be announced at the SANS Forensics and Incident Response Summit which will be held on July 8th and 9th in Washington, DC.

The nominees are as follows:

Outstanding Contribution to Digital Forensics - Individual
Lee Whitfield
Rob Lee
Kristinn Gudjonsson
Matt Shannon

Outstanding Contribution to Digital Forensics - Company
Guidance Software
SANS
F-Response (Agile Risk Management)

Digital Forensics Blog
Windows Incident Response
SANS
Happy as a

...