Saturday, May 10, 2014

Daily Blog #321: Saturday Reading 5/10/14

Hello Reader,
         It's Saturday!  I'm feeling better and the skies are blue, so it's time to go drop the kids off with the grandparents and get ready for another week! Time for more links to make you think in this week's Saturday Reading!

1. We had a great Forensic Lunch this week! Our guests this week (in order of appearance):


You can watch it here:
https://www.youtube.com/watch?feature=player_embedded&v=mNLOokxME5A

2. Harlan has a new post up on his blog with updates; most important to me are the new plugins available for RegRipper! http://windowsir.blogspot.com/2014/05/new-stuff.html
While I use a variety of tools, it's rare for me not to have RegRipper on hand.

3. David Kovar has a new post up with his view on Incident Response as it stands today: http://integriography.wordpress.com/2014/05/06/if-you-are-doing-incident-response-you-are-doing-it-wrong/. It's a good post that should help you put your reactive response efforts into the perspective of established emergency management processes, so that you manage rather than respond.

4. Over on the Linux Sleuthing blog there is a new post showing how to use command line tools to parse search queries from history plists; a nice walkthrough if you don't speak grep/sed/awk/regex: http://linuxsleuthing.blogspot.com/2014/05/searching-for-searches.html

5. Michael Maurer has a new post up on the DiFT blog announcing the alpha release of a virtual machine that will take your supertimeline data into Logstash and thus Elasticsearch/Kibana. A great resource if you don't have a team of developers on hand to solve all of these things for you: http://diftdisk.blogspot.com/2014/05/dift-alpha.html