Sunday, June 23, 2013

A daring experiment!

Hello Readers,
I attended my first SANSfire, and to be honest first SANS event, this week. If you've been following my tweets (that is weird to type out, but... that's our world now) you would have seen that I've signed up to write a SANS course along with Alissa Torres and Jake Williams called 'Offensive Forensics', known in SANS terms as FOR 668. I'm very excited about this class as it will be the outlet of all the file system journaling research that you've seen demos of applied in real and practical ways. The class won't be out until next year but we've officially begun work on it and I think everyone dealing with advanced adversaries (internal or external) will benefit from it.

I'll write more about the class later but now onto the point of this blog post. Spending a week at SANSfire I got to spend the week talking to fellow SANS faculty and my coauthors, which led me to hear about Lenny Zeltser's year-long daily blogs. I was intrigued by the idea; I am terrible at regular blogging as I try to think up important things to talk about and new research that I feel I can disclose. In a discussion though Rob Lee pointed out that most people don't need the bleeding edge from a daily read, they just want more information into how things work forensically and interesting topics/stories.

So with that in mind, I am going to begin a mission to write one blog entry a day for the next year with the idea that whether long or short I'll just keep passing along those things that I think are interesting, important, misunderstood, etc... as well as updates on the new book (Hacking Exposed Computer Forensics 3rd Edition) and the new course as we move forward.

So at this point I am going to turn it over to you, reader. What do you want to know about? I don't want to resort to recipes (which my wife says is what people actually want to read) so I'm hoping you can shed some light on what actually interests you!

Please leave a comment below, I allow anonymous comments, and let's talk. I would like this to be an experiment that benefits the community as a whole.