Saturday, November 16, 2013

Daily Blog #146: Saturday Reading 11/16/13

Hello Reader,
          It's Saturday and here in Utah it is snowing, snowing, snowing! It's time for more links to make you think on our weekly reading list. So get some coffee and get comfortable, because we've got some good reads this week.

1. This week's forensic lunch was pretty great. Not only did we have a snowy background from my hotel window, but Kristinn Gudjonsson and Ryan Benson joined us. Kristinn gave us an amazing demo of the new visualization module for Plaso, and Ryan walked us through his Google Chrome internet browser research. You can watch it here: http://www.youtube.com/watch?v=frbHxkl0PKU. If you know of an easy way to turn these videos into podcasts, please let me know in the comments!

2. I'm always excited when I see new content from appleexaminer.com, and this entry was no exception. Ryan Kubasiak has put together a great read on OS X's default file system partition structure, formatting options, and the file systems supported for creation. Give it a read! http://www.appleexaminer.com/MacsAndOS/Img_Pwds/DLCS/DLCS.html

3. Interested in Bitcoin forensics? Jad over at Magnet Forensics has posted part 2 of his article, showing more artifacts relating to Bitcoin usage. This post focuses on Bitcoin-Qt, a popular Bitcoin client, and how to find the associated artifacts: http://www.magnetforensics.com/bitcoin-forensics-part-ii-the-secret-web-strikes-back/.

4. I linked to it in the Forensic Lunch YouTube description, and we had a demo of it during the Forensic Lunch, but I'm going to include a link to Kristinn's blog here again to emphasize that you need to look at this visualization module they've made for Plaso: http://blog.kiddaland.net/2013/11/visualize-output.html.

5. Harlan has a new post up covering tools he's interested in and more conference feedback from OSDF. It's a good read, though I don't have much to add to the conversation there, having not gone to OSDF. http://windowsir.blogspot.com/2013/11/tools-malware-and-more-conference.html

6. Chad Tilbury has a blog up on the Malware Analysis Quant Research Project. If you are interested in malware research you should go give it a read: http://forensicmethods.com/malware-analysis-quant-project. The post serves as a good summary of what the project is and why it could be useful to you, with a link to the project itself.

7. X-Ways has launched their own certification program called X-PERT. It is a time-limited, open-book test in which you have 3 hours to solve the questions asked of you using the images provided. With a passing score of 80 you could be a certified X-PERT in X-Ways. I've been told the test is quite tough, so read and prepare yourself before signing up! http://xwaysforensics.wordpress.com/2013/11/11/x-pert-certification-program/

8. Claus Valca has a pretty great post up describing what is on his IR triage drive: http://grandstreamdreams.blogspot.com/2013/11/anti-malware-response-go-kit.html. While he lists some great tools there, the most interesting thing to me was the idea of getting a USB key with a physical write-protect switch to prevent malware from infecting it. This is a great idea!

That's all for this week! Make sure to put some time on your calendar for this week's Sunday Funday!