After recently searching for new tools and techniques, I found Harlan Carvey's blog and this blog. I had no idea outside of the EnCase support forums, SMART support forums, and local HTCIA groups that there was a discussion of new findings. I am one of the co-authors of Hacking Exposed: Computer Forensics (the second edition is being written as we speak) and a partner at G-C Partners, LLC, where I perform computer forensics services in civil litigation. I've been doing computer forensics for civil litigation since 1999, and I have built a repository of information and tools over the years that I hope will help others in the community to solve and document their own investigations.
I am a Dallas, Texas-based Perl programmer (I have your books, Harlan), a computer forensics examiner, and a testifying expert of many years. I plan to fill this blog with tools, information, and case studies on closed litigation (I've been told discussing active litigation is frowned upon). I hope you find something useful, and feel free to comment if you have questions.
My first real investigation in 1999 started when I was still primarily doing network security at Enstar Networking (now closed), and it involved a rogue ex-CTO who decided to install key loggers across the other executives' systems to make sure his agenda got pushed forward. The investigation was not difficult, as he did not expect anyone to seize his system and, being well organized, had folders made not only for the decrypted key logs that were being emailed to him but also for the receipts that included the key logger he purchased. What was interesting was that the key logging itself was not a terminable offense; rather, the letter to his parole officer in New York State was. Why? Because he never disclosed to his employer that he had a Class B felony, nor did he disclose that he believed he had overpaid his restitution, as he wrote to his parole officer.
From this investigation I was introduced to, and asked to speak at, our local High Tech Crime Investigation Association chapter, and I was introduced to the computer forensics community I didn't know existed.