Wednesday, October 10, 2012

Quick Check-in

Hello everyone. I'm back for yet another blog post after a long absence. I wanted to post a great big giant THANK YOU to all the great open source forensic projects out there. You all are my heroes and I truly appreciate all that you make available to the digital forensics community.

I've been very busy as of late working on a case I was hired for and recently concluded. I wish I could tell you about it, as it's kind of interesting. Unfortunately, the most interesting parts are the things I really can't talk about. I'll just call it an employee misuse of company computer situation and leave it at that.

Among other things, the employee in question was using his company owned laptop to surf various types of porn, as well as using MS Word to do a little amateur porn story authoring. There were allegations of some financial misdeeds as well and I recovered a large number of files to help them conduct their investigation.

I relied in no small part on the knowledge I've gained from such books as the Windows Forensic Analysis series and Digital Forensics with Open Source Tools in working this case. Furthermore, I stand grateful to all the free and open source tool authors out there whose work benefited me greatly. Such awesome programs as Log2Timeline, RegRipper, the Sleuth Kit and the SANS SIFT Workstation virtual machine were a huge help to me in this and almost all my other cases.

The super awesome Volatility Framework crew has been rocking the proverbial house this month with their Month of Volatility Plugins. First, Volatility 2.2 was released at the beginning of this month and they're releasing tons of new plugins all month long. The blog posts at the official Volatility Labs blog accompanying these releases are just incredible. A great thank you and salute in no particular order to AAron, Jamie (Gleeda), MHL, Andrew and everyone else involved for using your talents to produce one of the greatest software projects ever and an amazing blog.

I've had the opportunity to do some public speaking lately and find I'm really enjoying it. Public speaking used to make me quite nervous, but I'm pretty comfortable with it these days. I've spoken to one group on protecting your home computer from malware, etc., and I did a training session on Identity Theft this week for a local bank. In both cases, I decided not to use PowerPoint or other visual aids. I believe it was Harlan Carvey at the WACCI conference a couple years ago who called the PowerPoint-free presentation "going commando." I liked that term and I enjoyed his presentation that day. It's fun to speak and interact with the crowd, and I find I do a better job of that when I'm not using visual aids to distract me. Besides, I'm terrible at making PowerPoint slides anyway, so I'm better off going commando for that reason as well.

That's all I've got for now. Now that I've got a little more free time, I have a couple of forensics-related projects I hope to get started on. I hope to be back with new blog posts about them "soon."