Saturday, June 14, 2014

Daily Blog #356: Saturday Reading 6/14/14

Hello Reader,
       It's been a long couple of weeks for me and I'm enjoying a little down time this weekend. What better way to wind down than with some good reads to help next week's work be even better with new information and new tools. It's time for links to make you think in this week's Saturday Reading!

1. The forensic lunch this week again had no guests but plenty of content:
This week we talked about:
The SANS DFIR Summit, our favorite talks and what makes it stand out as a conference
Dave Hull's (@davehull) project Kansa http://github.com/davehull/kansa
An in depth discussion of Volume Shadow Copies discussing:

  • How to identify how many shadow copies are active on a volume (without VSS Admin)
  • Evidence of Automatic vs Manual VSC deletion
  • What different tools show for how many VSCs exist
  • What you can and can't implicitly trust
  • How to validate what you see
More about what forensic tools should provide to an examiner at a minimum
And BBQ Summit talk!

2. Matt has his own blog back up to talk about all things beard worthy, this week's entry is all about good forensic dev work. You can read his first blog post here http://forensicmatt.blogspot.com/2014/06/what-makes-great-tool-in-dfir.html

3. All of the presentation materials from the SANS DFIR Summit are now online for your viewing, https://digital-forensics.sans.org/community/summits . In the near future there should be videos of them up as well!

4. Adrian aka Cheeky4N6Monkey has a new post up this week discussing some internal structures and data sources in examining Windows Phone 8 devices, http://cheeky4n6monkey.blogspot.com/2014/06/monkeying-around-with-windows-phone-80.html. Cool stuff!

5. On the plaso blog there is a write up by Ashley all about how to get your Plaso timeline into Elasticsearch (and then Kibana) http://blog.kiddaland.net/2014/06/ill-take-some-elasticsearchkibana-with.html

6. The Forensic 4:Cast awards have come and gone, come see who won on the 4:cast Blog (Hint: I did!) https://forensic4cast.com/2014/06/4cast-awards-2014-2/