SANS Digital Forensics and Incident Response Blog: Tag - publishing

Keep on Moving

I know nothing. That's the only conclusion I can draw from my four years in the field thus far. Every time I work on a new case I learn something. Most of the time these are little morsels of forensicating goodness but occasionally these things are so immense that I believe that my findings are worthy of sharing with the world. Of course, then I log on to the SANS Digialt Forensics Blog and find that someone else has typically beaten me to it.

As many of you may already know I have spent some months investigating and analysing volume shadow copies (difference files) in Windows 7 and Vista. The result of this is that I have found how these files are structured and can manuallydissect these files to find valuable data. I have shared these findings on both my website and in several presentations. Now my question to you is this:What would have happened if I hadn't shared my findings? Stretching further, in what state would digital forensics be if people like Rob Lee, Harlan

... Continue reading Keep on Moving