Friday, March 14, 2014

Daily Blog #265: Saturday Reading 3/15/14

Hello Reader,
It's Saturday! If you are working the weekend, then just think that all those annoying co-workers who normally bug you aren't there today! It's time to learn something new while you watch the progress bars flow on this week's Saturday Reading.

1. We had another great Forensic Lunch today. I hope you will consider making time in your Friday to watch it live someday, as I think it's just way more fun live. You can watch it here:
https://www.youtube.com/watch?v=BtB8DA4dQ7s&list=UUZ7mQV3j4GNX-LU1IKPVQZg

This week we had in order of appearance:

Jake Williams, @malwarejake, talking about the results of the SANS Endpoint Security survey and the positions they are looking to hire at the Mayo Clinic, for those of you looking for senior DFIR positions!
You can also train with Jake next month in Orlando and elsewhere; go here to see the classes he's teaching: https://www.sans.org/instructors/jake-williams.
SANS/Guidance Endpoint Security Survey Webcast - http://bit.ly/1hYUYMU
Alissa's Memory Forensics Class - Orlando, http://bit.ly/1e0ZEkD
Jake's Log Management and Forensics Class - Orlando, http://bit.ly/PBqkQy
Jake and Alissa's Memory Forensics vLive class - http://bit.ly/1imyw0V

Brian Baskin, @bbaskin, talking about his research, blog (Ghetto Forensics), books (here is an Amazon link), and his work at DC3, where they are looking for people interested in DFIR who have a clearance and live in the Baltimore area! Reach out to him if you are interested.

Vladimir Katalov, @vkatalov, the CEO of Elcomsoft, talking about upcoming research regarding iCloud keychain recovery from network traffic, BlackBerry 10 backups, accessing cloud storage, and which GPUs work well for long-term password cracking. You can go to Elcomsoft's website here, and these are my favorite tools they sell:
Elcomsoft Phone Password Breaker, http://www.elcomsoft.com/eppb.html, great for cracking encrypted phone backups and accessing iCloud backups!
Elcomsoft iOS Forensic Toolkit, http://www.elcomsoft.com/eift.html, great for low-level work in iOS forensics.
Elcomsoft password cracking bundle, http://www.elcomsoft.com/eprb.html, a nice collection of their password cracking tools.

2. Alissa Torres has a cool post up on the SANS blog about carving network streams from memory dumps; check it out: http://digital-forensics.sans.org/blog/2014/03/14/stream-based-memory-analysis-case-study.

3. A reminder that there is still time to nominate your favorite DFIR software vendor, blogger, tool maker and personalities for the Forensic 4:cast awards. Go here to nominate: http://forensic4cast.com/forensic-4cast-awards. Speaking as someone who was nominated and won an award last year, I can say that it really does make someone's day to see their work recognized. So do the community a favor and nominate those who you feel deserve it!

4. Colby Lahaie has a blog up on his capstone research to fulfill his degree requirements over at Champlain. He's researching what the cloud storage program IDrive leaves behind from a disk and network point of view. Keeping up with the cloud can be tough, so I am always looking for more information; read it here: http://lahaie4n6.blogspot.com/2014/03/whats-life-like-in-clouds.html

5. Brian Moran has a new post up about lessons learned from his recent weeks in the field, http://brimorlabs.blogspot.com/2014/03/some-quick-lessons-learned.html. Learning lessons from others who are where you may be in the near future can save you a lot of trouble later.

6. Andrew Hay landed at OpenDNS and wrote a blog post about life as a researcher. I like it! http://labs.umbrella.com/2014/03/10/only-easy-research-day-was-yesterday/

7. Hidden Illusion has a neat blog post up on using Yara to brute force XOR-encoded strings: http://hiddenillusion.blogspot.com/2014/03/bruteforcing-xor-with-yara.html

8. Corey Harrell has a new blog post up this week talking about how he got into DFIR. I hope someday to get Corey to come on the lunch and talk about himself and his work. http://journeyintoir.blogspot.com/2014/03/lose-yourself-in-dfir-music.html

That's all for this week. Let me know if I missed anything, either in the comments, on Twitter or by email. I'm always looking for more good things to read!