Friday, June 13, 2014

Daily Blog #355: Forensic Lunch 6/13/14

Hello Reader,
I had a great time doing today's show. We didn't have any guests this week, but after a week of the DFIR Summit and good casework we didn't have any shortage of things to talk about!

This week we talked about:
The SANS DFIR Summit, our favorite talks and what makes it stand out as a conference
Dave Hull's (@davehull) project Kansa http://github.com/davehull/kansa
An in-depth discussion of Volume Shadow Copies, discussing:
  • How to identify how many shadow copies are active on a volume (without VSS Admin)
  • Evidence of Automatic vs Manual VSC deletion
  • What different tools show for how many VSCs exist
  • What you can and can't implicitly trust
  • How to validate what you see
More about what forensic tools should provide to an examiner at a minimum
And BBQ Summit talk!

As discussed, the show may change after next week, and the weekly shows are no longer required to meet my year of blogging. I'd like to hear your thoughts on what would make the show more valuable to you. Topics I'd like to hear from you on include but are not limited to:
Frequency, should we keep it once a week or go to twice a month / once a month
Topics, Are we covering what is important to you? Should we add anything else?
Format, Do you enjoy the guests or us talking more?
Time of day/Day of week, Is there a better time we could be doing this so more of you can watch it live?

Let me know in the comments below or email me at dcowen@g-cpartners.com. We do the show for you, not us!