Hello Reader,
Today we had another Forensic Lunch! This week we had:
- Alissa Torres (@sibertor) talking all about the changes for FOR526 as a 6-day bootcamp of memory forensic goodness, with daily Netwars challenges! You can find out more and sign up here: https://www.sans.org/event/cyber-threat-intelligence-summit-2019/course/memory-forensics-in-depth
- Alissa and I also talked about the CTI Summit, which is happening the two days prior to the courses. You can find out more about it here: https://www.sans.org/event/cyber-threat-intelligence-summit-2019/summit-agenda
- BTW I'm also teaching FOR500 at the CTI Summit, my only east coast teach of the year: https://www.sans.org/event/cyber-threat-intelligence-summit-2019/course/windows-forensic-analysis
- Dr. Joe Sylve (@jtsylve) talked about his work in producing both a pooled storage implementation for TSK (The Sleuth Kit) as well as APFS
- We talked about how APFS works compared to other file systems, and Dr. Sylve did some demos showing how the TSK tools have been extended to work with APFS snapshots and encryption!
- You can get the current patch for TSK here: https://github.com/blackbagtech/sleuthkit-APFS/ which hopefully will get rolled into the next release of TSK
What a great show! You can watch the video here: