Thursday, March 20, 2014

Daily Blog #270: Bsides Austin 2014

Hello Reader,
I had a great time today at Bsides Austin. When I come to conferences that are primarily information security focused, I feel like an ambassador to the world of DFIR. I always try to explain to them what led me out of the infosec world and into DFIR and why I feel it's a better place long term. I gave the same talk here that I did at Bsides DFW but, to tell the truth, I didn't stick to the slides very much. I took the time to explain what's possible with filesystem journal forensics and then extend that with other operating system artifacts for NTFS/HFS+ and EXT3 so they could understand what's possible now.

I was very encouraged that the majority of the audience identified themselves as doing some kind of incident response and got the concepts I was going over. I also didn't get the 'how would you defeat TrueCrypt if someone says they forgot their password' question until the last 5 minutes, you know you are 'that guy'! So with all of that being said, I hope that some people are interested in joining the ranks of DFIR professionals, as we all know we need more of us! Here is a link to download today's slides for those of you who wanted to focus more on the data structures I didn't cover.

https://drive.google.com/file/d/0B_mjsPB8uKOAdlJKd19Zc1MybVE/edit?usp=sharing

And here is the signup form for the last month of the Triforce beta:
https://docs.google.com/forms/d/1GzOMe-QHtB12ZnI4ZTjLA06DJP6ZScXngO42ZDGIpR0/viewform