Saturday, April 26, 2014

Daily Blog #307: Saturday Reading 4/26/14

Hello Reader,
    It's Saturday and I'm still at the National Collegiate Cyber Defense Competition. So while we reveal our plans to the 10 top student teams competing here, get your coffee or tea ready for this week's reading to keep your own intruders out. Time for more links to make you think in this week's Saturday Reading!


1. We had a short forensic lunch http://forensicmethods.com/webshell-log-analysis this week. This week we had:

Shelly Giesbrecht, @nerdiosity, talking about her upcoming talk at the SANS DFIR Summit called '10 Ways To Make Your SOC More Awesome'. Learn more about the event here, and you can hear a lead-up to it on a SANS webinar here: https://www.sans.org/webcasts/10-ways-rock-soc-97975

We also talked a bit about the National Collegiate Cyber Defense Competition, where I am currently leading the red team, before I had to run back to the fun! Also, no audio issues!
You can watch it here: https://www.youtube.com/watch?v=M9Xtq1ZH74I&list=UUZ7mQV3j4GNX-LU1IKPVQZg

2. Mari DeGrazia is back with a new post this week on parsing Thunderbird archives, http://az4n6.blogspot.com/2014/04/whats-word-thunderbird-parser-that-is.html.

3. Chad Tilbury has a new post on Forensic Methods all about getting to know your web logs, http://forensicmethods.com/webshell-log-analysis.

4. Yogesh Khatri has a new post up all about additional locations where Windows 8.1 stores search history, http://www.swiftforensics.com/2014/04/search-history-on-windows-81-part-2.html. It goes beyond lnk files to event logs and cache files.

5. Jake Williams has a new post up talking about how to get SIFT 3.0 running in an Amazon EC2 instance, http://malwarejake.blogspot.com/2014/04/sift-in-ec2.html.

6. Brian Moran has a new post up all about geolocating a device's past history, and it's not a mobile phone. http://brimorlabs.blogspot.com/2014/04/you-dont-know-where-that-device-has-been.html.

7. Dave Hull has a new post up talking about the release of a new Windows response tool he's preparing for his talk at the DFIR Summit, http://trustedsignal.blogspot.com/2014/04/kansa-modular-live-response-tool-for.html.