Saturday, February 8, 2014

Daily Blog #230: Saturday Reading 2/8/14

Hello Reader,
For most of the US it's dang cold outside, so close the curtains and put on a 10 hour YouTube yule log video on the Roku to stay warm. Make yourself a hot drink and get ready for more links to make you think in this week's Saturday Reading.

1. Forensic Lunch, #1 on the list and #1 in my heart, was pretty fantastic this week. We had:
Robert Wallace & Matt Bromiley from talking about how they are using Elasticsearch to work with big data breaches

Willi Ballenthin talking about his work in DFIR and the tools he's recently released for working with NTFS. You can read Willi's blog here: http://www.williballenthin.com/ and follow him on Twitter @williballenthin

Brian Moran talking about his work in memory forensics, POS malware and other fun topics. You can read Brian Moran's blog here: and follow him on Twitter @brianjmoran and on Google+ +Brian Moran
Watch it here: http://www.youtube.com/watch?v=wS37kMXyvOc

2. SANS has released the answers to their memory challenge, let's see if you got it right! http://digital-forensics.sans.org/blog/2014/02/08/apt-memory-and-malware-analysis-solution

3. Willi Ballenthin has two interesting posts up discussing how we can make tools that work better with each other. The first, http://www.williballenthin.com/blog/2014/02/07/towards-better-tools-part-1/, and the second, http://www.williballenthin.com/blog/2014/02/08/towards-better-tools-part-2/, should be good fodder for those of you thinking about making or sharing your own tool.

4. Jason Hale has written up a blog post to release a batch script that will pull device install events from the event logs, http://dfstream.blogspot.com/2014/02/usb-device-tracking-batch-script.html. While you shouldn't rely on it solely, it's the only tool that I know of right now that automates the event log aspect of USB device analysis.

5. Dan Pullega has a new post up this week, part of a series he's calling 'forensics quickies'. It's not very quick, but it's a good read for those of you who need a refresher on the RecentDocs key. http://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html

6. Lee Whitfield has a new website up all about defending our digital freedoms, http://ourdigitalfreedom.com/?p=26. You should give it a read and see what your thoughts are.

7. Brian Moran has a new post up this week analyzing the 'Chewbacca' POS malware. If you watched the Forensic Lunch you know that Brian bought a POS at a thrift shop (but for more than $20) and has been doing some interesting testing and research on it. http://brimorlabs.blogspot.com/2014/02/chewbacca-vs-open-source-tools-maybe.html

8. Jake Williams has a new blog post up this week all about how to fail at secure communications on your team while an incident is occurring, http://malwarejake.blogspot.com/2014/02/how-to-fail-at-incident-response.html. This is a valuable lesson that is better learned from others' mistakes than from your own.

Make sure to come back tomorrow for another Sunday Funday!