Hello Reader,
It's Saturday and after another week of hard work you deserve a break. Use that break time to get even better at DFIR with this week's Saturday Reading!
1. We had another great forensic lunch this week! You can watch it here: http://www.youtube.com/watch?feature=player_embedded&v=2P5Sv6yyd5Y This week's guests:
Ian Duffy, talking about his research into the Microsoft Office compound file format.
You can read Ian's blogs on this topic here: http://forensecurity.blogspot.com/2014/01/microsoft-office-compound-document.html
Andrew Case, discussing his work in memory forensics and Volatility:
- The Volatility project page is here: http://code.google.com/p/volatility/
- You can pre-order the memory forensics book here: http://www.amazon.com/gp/product/1118825098/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=1118825098&linkCode=as2&tag=malwacookb-20
- You can find out more about Volatility training here: http://volatility-labs.blogspot.com/2013/10/2014-malware-and-memory-forensics.html
- Volatility Community Documentation can be found here: http://code.google.com/p/volatility/wiki/VolatilityDocumentationProject
- You can find out more about Bsides NOLA here: http://www.securitybsides.com/w/page/71231585/BsidesNola2014
- Read the blog analyzing ADD that Andrew talked about here: http://blog.handlerdiaries.com/?p=363
Matthew and I showing the latest changes for this month's Beta release of ANJP.
2. Jason Hale has a neat blog up this week relating to a new feature in Microsoft Word 2013. The feature tracks where a user left off in their reading of a document, something that can be very useful in showing more than just the opening of a Word document. Read more about it here: http://dfstream.blogspot.com/2014/01/ms-word-2013-reading-locations.html
3. Lenny Zeltser has a good blog up on the SANS Forensics blog this week talking about all the different specialties of DFIR that are forming, http://digital-forensics.sans.org/blog/2014/01/30/many-fields-of-dfir. I think this type of knowledge needs a wider audience to understand just how wide and deep our field is.
4. Jamie Levy has put up a link to the slides for her OMFW talk about profiling normal system memory: http://gleeda.blogspot.com/2014/01/omfw-2013-slides.html. This is something we've been talking about for the last two Forensic Lunches, so I'm very interested in learning more.
5. The Bsides NOLA CFP ends today! Quick, get your submission in! http://www.securitybsides.com/w/page/71231585/BsidesNola2014
6. Jack Crook has a great analysis of the ADD-affected memory image up on his blog, http://blog.handlerdiaries.com/?p=363. This is a great post for understanding how to spot what's abnormal and track it down.
7. Here is a good post by Brian Moran showing how open source tools fare against the Target POS Malware, http://brimorlabs.blogspot.com/2014/01/target-pos-malware-vs-open-source-tools.html.
8. Julie Desautels has put up an interesting blog using her Google Glass forensic research to make the case that a driver was or was not operating the Glass device at the time she was pulled over. These types of devices are only going to grow in the future so get a head start and read this here, http://desautelsja.blogspot.com/2014/01/proving-case-of-cecilia-abadie-using.html.