Week 15 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂
2017 Forensic 4:cast Awards – Voting

FORENSIC ANALYSIS

THREAT INTELLIGENCE/HUNTING

UPCOMING WEBINARS

  • The submission deadline for the 10th International Workshop on Digital Forensics (WSDF 2017) has been extended to May 1st 2017. The conference is being held in Reggio Calabria, Italy August 29 – September 2, 2016.

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

  • Greg Smith at TrewMTE asks the question “Could ISO/IEC 27037:2012 be the better option for handling and obtaining digital forensic evidence?”; however, it doesn’t appear that he has followed up with a comparison with ISO/IEC 17025 yet.
    Digital Evidence ISO/IEC 27037 -v- ISO/IEC 17025

  • Brett Shavers posted a couple times this week
    • He has heavily discounted his X-Ways training course. If you retweet his tweet before April 17, you’ll get “the course for ONLY $119, plus receive a FREE COPY of the X-Ways Forensics Practitioner’s Guide*!”. I’m currently working my way through the course and I’m very impressed with it; it’s great to get an understanding of how to utilise X-Ways Forensics, especially since you can do it at your desk at your own pace.
      The 2 Fastest and Least Expensive Ways to Learn X-Ways Forensics
    • He has also put out his request to vote for his book for the 4Cast Award for Book of the Year.
      Forensic 4:cast awards…. VOTE FOR MY BOOK!! (pretty please)

  • DFIR Guy at DFIR.Training gives his tips for “avoiding the 90% of material you don’t need”. These tips centre around focusing on the information that you require to learn, as well as choosing the right trainers for the job. He also recommends learning something new every day; 30 minutes a day adds up to quite a bit over the course of a year.
    I only do 10%.

  • There were a couple of posts by the guys at DME Forensics
  • Scar de Courcier at Forensic Focus has interviewed Professor Peter Sommer on his past, his current work including the survey “on the effectiveness of and potential problems associated with ISO 17025”, The Digital Evidence Handbook, and his teaching, as well as the current and emerging problems in digital forensics.
    Interview With Professor Peter Sommer

  • Scar has also compiled this month’s popular discussions on the Forensic Focus Forum
    Forensic Focus Forum Round-Up

  • Mike Shanoudi shares the “7 most common mistakes when it comes to Incident response (IR) and lessons to learn from”
    Seven Un-Wonders Of Incident Response

  • John Patzakis, Esq. at the X1discovery blog discusses the revisions to the Sedona Principles, now in their 3rd edition. John’s post focuses on “the over-use of forensic disk imaging for eDiscovery preservations”. The commentators of the principles indicate that forensic disk imaging has its place; however, practitioners should focus their time on (correctly) extracting the necessary data, rather than performing the time-intensive imaging process. As storage device capacities increase, there’s a strong push to only extract the relevant data unless the rest is required.
    Updated Sedona Principles Disfavor Forensic Imaging and Over-collection for Routine eDiscovery Preservation

  • Yulia Samoteykina at Atola Technology shows how to use the Atola Insight to create an E01 image of a drive (with MD5 and SHA1 hashing).
    Imaging a Source Drive to an E01 File with a Double Hash

SOFTWARE UPDATES/RELEASES

And that’s all for Week 15! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!

 
