Saturday, November 2, 2013

Daily Blog #132: Saturday Reading 11/2/13

Hello Reader,
It's Saturday and I'm at BSIDES DFW getting ready to speak at 11am CST. I'll be uploading my slides when I'm done as usual, so welcome BSIDES attendees. It's time for another set of links that make you think on this Saturday Reading.

1. What was yesterday, Friday? It was, and that means we had a Forensic Lunch! You can watch it here http://www.youtube.com/watch?v=CS2NT_WlEdw and see David Dym, Rebecca Henderson, Kevin Stokes, Lee Whitfield and myself talk about setmace, lab certification, extended metadata dumping with COM and shell, manual mobile forensics and the DFIR internship process.

2. There is a new version of Plaso available; you can read about it and download it here: http://blog.kiddaland.net/2013/10/halloween-brings-with-it-riding-witches.html. While I mourn the loss of log2timeline as a Perl monk, I do recognize how much better Plaso is becoming.

3. What's that, a registry forensics course from our favorite NOLA forensic people? Andrew Case, Joe Sylve and Vico Marziale have created a video course to be hosted on Hacker Academy; you can read about it here: http://blog.hackeracademy.com/info-center/videos/utilizing-the-registry-for-forensics-ir-and-malware-analysis/.

4. Jake Williams has a new blog up, http://malwarejake.blogspot.com/2013/10/disclosure-policies-vs-security.html, talking about disclosure policies versus security research; it's a good read. Even though we as DFIR people don't publish security exploits, we do have something similar when we find privacy-related data within applications that was not previously known. We will have to see, as time goes on, whether we as a community decide how we should disclose forensic artifacts.

5. Harlan has a new blog up with links himself, but with a more thorough write-up than I do: http://windowsir.blogspot.com/2013/10/links.html

6. Craig Ball has a post up about Gmail collection; if you are looking for a best practice on how to do so, give it a read: http://ballinyourcourt.wordpress.com/2013/10/29/collecting-gmail-for-preservation/

7. Volatility 2.3, my favorite memory forensics tool, is out! http://volatility-labs.blogspot.com/2013/10/volatility-23-released-official-mac-os.html Go grab it and give the release notes a read.

8. Looking for more blogs to follow, like way more? Check out Mary Ellen's post here http://manhattanmennonite.blogspot.com/2013/10/some-links-i-follow.html and download her package of 400-some infosec/IR/malware/forensics blogs!

That's it for this week. Did you put out something that I missed? Want to make sure your blog is included in my Saturday Reading? Drop me a line at dcowen@g-cpartners.com or leave a comment, as I'm always looking for more research material!

Get ready for tomorrow's Sunday Funday!