Daily Blog #286: Saturday Reading 4/5/14

Saturday Reading by David Cowen - Hacking Exposed Computer Forensics Blog


Hello Reader,
                 It's Saturday! After another long week on the DFIR road I hope your canceled flights get you home on time and with good in flight wifi. It's time for more links to make you think with in this week's Saturday Reading.

1. We had a fun forensic lunch this week! This week we had:
Dave Hull from Microsoft, you can follow Dave on Twitter @davehull , his blog http://trustedsignal.blogspot.com/ and on github https://github.com/davehull.
You should come to the SANS DFIR Summit and see him there as well!

Vico Marizale or Joe Sylve from 504ensics came back for their 3rd week of commitment! @vicomarziale and @jsylve. You should get involved with their new registry timestamp project by emailing them info@504labs.com to get their tool and start helping to discover unknown registry timestamps!

If you are not going to ADUC or CEIC you should also consider going to B-Sides NOLA, learn more about it here: 
http://www.securitybsides.com/w/page/71231585/BsidesNola2014

Watch the forensic lunch here: https://www.youtube.com/watch?feature=player_embedded&v=Knr_rdLbgk0

2.  Harlan has a new blog post this week with an update on what he's up to , where he's going to be speaking,an update on the 4th edition of WFA, regripper and some research he's found interesting, http://windowsir.blogspot.com/2014/04/whats-up.html

3. Yogesh Khatri has a new blog post up on the return of thumbcache.db files in Windows 8, http://www.swiftforensics.com/2014/04/windows-8-thumbsdb-files-still-same-and.html. Windows 8 systems are coming to an examination near you so start catching up!

4. Lee Whitfield has posted a blog explaining who all of the nominee's of Forensic 4cast awards are this year, http://forensic4cast.com/2014/04/2014-forensic-4cast-awards-meet-the-nominees/. I'm there twice!

5. Are you a Linux person who wishes they could run RegRipper without wine? Wish no more as Willi Ballenthin has figured out how to do it, for Debian atleast http://www.williballenthin.com/blog/2014/04/02/regripper-on-linux/

6. Yogesh Khatri has been busy this week, he has a second post up on Windows 8 search history forensics, http://www.swiftforensics.com/2014/04/search-history-on-windows-8-and-81.html

7. Anuj Soni has a new post on the SANS DFIR Blog, http://digital-forensics.sans.org/blog/2014/03/31/the-importance-of-command-and-control-analysis-for-incident-response. He explains the value and importance of C2 analysis in your malware investigations.

8. In what Dan Pullega calls a forensic quickie, which is a long post for anyone else!, he explains the value of source code analysis in your dynamic analysis http://www.4n6k.com/2014/03/forensics-quickie-verifying-program.html

That's a pretty great week of new posts, get to reading!

Also Read: Daily Blog #285 

Post a Comment