Hello Reader,
For most of the US it's dang cold outside, so close the curtains and put on a 10 hour YouTube yule log video on the Roku to stay warm. Make yourself a hot drink and get ready for more links to make you think in this week's Saturday Reading.
1. Forensic Lunch, #1 on the list and #1 in my heart, was pretty fantastic this week, we had:
Robert Wallace & Matt Bromiley from talking about how they are using Elasticsearch to work with big data breaches
Willi Ballenthin talking about his work in DFIR and the tools for working with NTFS he recently released. You can read Willi's blog here: http://www.williballenthin.com/ and follow him on Twitter @williballenthin
Brian Moran talking about his work in memory forensics, POS malware and other fun topics. You can read Brian Moran's blog here: and follow him on Twitter @brianjmoran and on Google+ as +Brian Moran
Watch it here: http://www.youtube.com/watch?v=wS37kMXyvOc
2. SANS has released the answers to their memory challenge, let's see if you got it right! http://digital-forensics.sans.org/blog/2014/02/08/apt-memory-and-malware-analysis-solution
3. Willi Ballenthin has two interesting posts up discussing how we can make tools that could work better with each other. The first http://www.williballenthin.com/blog/2014/02/07/towards-better-tools-part-1/ and the second http://www.williballenthin.com/blog/2014/02/08/towards-better-tools-part-2/ should be good fodder for those of you thinking about making/sharing your own tool.
4. Jason Hale has written a blog post releasing a batch script that pulls device install events from the Windows event logs, http://dfstream.blogspot.com/2014/02/usb-device-tracking-batch-script.html. While you shouldn't rely on it solely, it's the only tool I know of right now that automates the event log aspect of USB device analysis.
5. Dan Pullega has a new post up this week, part of a series he's calling 'forensics quickies'. It's not very quick, but it's a good read for those of you who need a refresher on the RecentDocs registry key. http://www.4n6k.com/2014/02/forensics-quickie-pinpointing-recent.html
6. Lee Whitfield has a new website up all about defending our digital freedoms, http://ourdigitalfreedom.com/?p=26. You should give it a read and see what your thoughts are.
7. Brian Moran has a new post up this week analyzing the 'Chewbacca' POS malware. If you watched the Forensic Lunch you know that Brian bought a POS terminal at a thrift shop (but for more than $20) and has been doing some interesting testing and research on it. http://brimorlabs.blogspot.com/2014/02/chewbacca-vs-open-source-tools-maybe.html
8. Jake Williams has a new blog post up this week all about how to fail at secure communications within your team while an incident is occurring, http://malwarejake.blogspot.com/2014/02/how-to-fail-at-incident-response.html. This is a valuable lesson that you are better off learning from others' mistakes rather than your own.
Make sure to come back tomorrow for another Sunday Funday!