Friday, October 4, 2013

Daily Blog #104: Saturday Reading 10/5/13

Hello Reader,
The week is over! Another week has passed and hopefully it left you with success and knowledge of problems solved and cases closed. It's time for another list of must-click links to the things that came my way this week. Take your shoes off and grab a coffee, it's time for Saturday Reading.

0. Here is the link to download the image for tomorrow's Sunday Funday challenge!

1. We had a pretty great Forensic Lunch yesterday. James Lohman, Kyle Maxwell and Darren Windham gave up their lunch hour to talk in a moderated discussion about IR. We had some great questions from the live audience and talked so much that we didn't finish the topic. Watch Part 1 here and tune in live next week when we resume the discussion, hopefully with more IR people to join in! If you want to join us on the Forensic Lunch to talk about IR and your perspectives, email me at dcowen@g-cpartners.com.

2. If you've read the blog, the books or attended any of my conference sessions, you know I am pretty passionate about digital forensics and trying to get more people to join the industry. In that light I was happy to be part of a group of professionals who assisted Zoltan Szabo and others at Richland in creating a skill standard for digital forensics, http://www.tssb.org/sites/default/files/wwwpages/repos/pdfiles/DigitalForensicsSS.pdf. This document will be used by two-year degree programs in the state of Texas to craft associate degree plans in digital forensics.

3. If you are unfamiliar with IOCs (Indicators of Compromise), Mandiant has a nice write-up this week explaining their use and function, https://www.mandiant.com/blog/openioc-basics.

4. If you have been looking to get more in depth in your imaging and analysis of Android phones but want to go the FOSS route, ViaForensics has a nice webinar video up, https://viaforensics.com/android-forensics/howto-complete-logical-examination-android-foss-tools-webinar-video.html.

5. Jake Williams @malwarejake has a good couple of blogs up right now about bug bounty systems after the fallout from the Yahoo T-shirt coupons offered to researchers. You can read the latest here: http://malwarejake.blogspot.com/2013/10/are-bug-bounties-ever-bad-idea.html

6. Chrome is again changing, this time ditching a pretty great artifact that many of us have been utilizing, http://www.obsidianforensics.com/blog/history-index-files-removed-from-chrome/. Read the blog to learn about the end of the history index databases.

7. Over on Justaskweg.com there is a really cool post on how to use VMware to boot a suspect drive that is still hooked up to a write blocker, http://justaskweg.com/?p=1381. This is a great solution when you don't have time to clone, virtualize and get it going.

8. I am one of a growing number of weird Windows Phone users, so this article was interesting to me: http://resources.infosecinstitute.com/windows-phone-digital-forensics/?goback=.gde_1883967_member_277154297#!. It's a good first step into developing a good process for dealing with these phones, though with version 8 there is now BitLocker by default to deal with as well!

That's all for this week. Did I miss your link? Then send me a message and let me know you are out there so I can start reading your blog/article/magazine too!