Daily Blog #55: Saturday Reading 8/16/13

Saturday Reading by David Cowen - Hacking Exposed Computer Forensics Blog

Hello Reader,
Wait, it's Saturday? Where did the week go? It's time for another Saturday Reading, where I list out what I've been reading this week and what tools we've been trying out. Let's get started.

1. We had another Forensic Lunch yesterday, http://www.youtube.com/watch?v=wOHG_pwHyRo. Brian Lockery came on to talk about the Crimes Against Children Conference and his products. We talked about our efforts to get TSK's API to bind to Perl, and Matthew talked about his formal education towards a bachelor's in computer forensics.

2. If you watched the Forensic Lunch you heard me talk about SWIG, http://swig.org/, which is a pretty neat project. If you want to bind a C/C++ API to your choice of language (C#, Java, Perl, Python, Ruby, etc.), it will auto-generate code to wrap the functions and make them available. It takes some work to learn, but it does work!

3. I finally got the website for the book done, http://www.learndfir.com, and the links are all up for the new book. Just click on the cover to be taken to it! Next we need to upload the images we made for the analysis chapters so you can solve the cases at home.

4. Are you a Perl monk like I am? If so, you should check out Inline C, http://search.cpan.org/~sisyphus/Inline-0.53/C/C-Cookbook.pod#The_Main_Course, which allows you to embed C and call out to C libraries within Perl. The code gets compiled at run time and then cached, allowing for C speed with Perl execution.

5. For those of you who heard Matthew talking about his college experience getting a degree in computer forensics, here are the programs he is graduating from. He is getting his bachelor's in Information Assurance and Forensics from OSU IT, http://www.osuit.edu/academics/information_technologies/ba_about.html, and got his associate's in forensics from Richland, https://www1.dcccd.edu/catalog/programs/degree.cfm?degree=digi_forensics_aas&loc=8

6. James Webb has proffered a maturity model for organizations to measure their incident response capabilities against. I thought it was a good write-up, http://blog.jameswebb.me/2013/08/modeling-ir-program-maturity.html

7. Over on the SANS blog Ira Victor has a nice writeup on his experience at Blackhat and Defcon, http://computer-forensics.sans.org/blog/2013/08/11/case-leads-a-forensicators-take-on-blackhatdefconbsides. These are traditionally very infosec focused conferences so Ira has found those takeaways that are most relevant to forensics.

8. If you watched last week's Forensic Lunch, we talked about extended MAPI parsing in Outlook. David Nides was nice enough to share a free package that parses this data, http://www.dimastr.com/redemption/home.htm, called Outlook Redemption. Check it out!

That's all this week, make sure you come back tomorrow for Sunday Funday! Another challenge and another prize for those that are ready to flex their forensic mental muscles!
