Live From Enfuse Day 3!
This week with
Lesley Carhart, @hacks4pancakes talking about being the very first Women in Technology solving for X award presented by Guidance Software, hacks4kids and her dfir research interests
Dr. Bradley Shatz, @wirespeed4n6, talking about DFRWS evimetry, aff4 and his new advanced imager
Ashley Hernandez, @ashleyatencase, talking about all the new things coming from guidance regarding Encase Forensic, Endpoint investigator and mobile acquisition/examiner
Steve Whalen from Sumuri, Jake Williams from Rendition Infosec and Dmitry Sumin from Passware
Live with Amber Shroader of Paraben, Matt Bromiley from SANS, Matt Mcfadden Director of training from Opentext/Guidance
The Forensic Lunch!
This week we had:
Cindy Murphy, @CindyMurph
Matt Linton, @0xMatt
Ryan Pittman no @ to be had
talking about how music and forensics goes together and the impact of listening to music on solving technical issues.
Also Matt and I talked about Enfuse as well as stupid shell item tricks.
Paul Shomo comes on to talk about Guidance Software's new Forensic Artifact Research Program where you can get $5,000 USD just for research you are already doing! Find out more here: https://bugcrowd.com/guidancesoftware?preview=114da7695ff86ae70ec01aaf2c6878b0&utm_campaign=9617-Forensic_artifact-20170426&utm_medium=Email&utm_source=Eloqua
Phil Hagen introduced the new SANS Network Forensics poster to be released later this month
Matt Bromiley is talking about the Ken Johnson Scholarship setup by SANS and KPMG you can learn more and apply here https://digital-forensics.sans.org/blog/2017/03/03/ken-johnson-dfir-scholarship
Phil, Matt, Lee and I talked about the DFIR Summit
Lee Whitfield and I talked about the 4Cast Awards, Voting is open here: https://forensic4cast.com/forensic-4cast-awards/
This week have:
Ashley Hernandez from Guidance Software talking about Enfuse
Nicole Ibrahim from G-C Partners talking about event tracing logs in Windows
Lee Whitfield summing up the news of the week
This episode we catch up with Lee on the news and talk about current issues in DFIR.
This episode we talk vault 7 leaks with Lee Whitfield, what it means for DFIR and other news as well as DFIR database usage discussions and development updates with Matthew and I.
Michael Louis joins us to talk about how lawyers select and vet experts. Also talks about Toastmasters and how they teach good presentation skills and analogy creation through their program.
Matt Bromiley is here to announce BBQ Con!
Ryan Benson is here to talk about updates to Hindsight, what he's been up to and his other tool SQUID.
David Dym came on to talk about FAT32 removable storage and the things OSX does to it.
Lee Whitfield comes on to talk about the Forensic 4Cast awards which are now taking nominations.
Jonathan Poling came on to talk about his new blog and his work at Secureworks
Friend of the show Eric Zimmerman is back to talk about updates to his tools and research
Davida and I talk about whats new in our research, tools and packages
Michael Gough talking with us about his tool LOG-MD and his work.
We also go into SRUM again showing new data we can correlate within it.
This episodes is all about Hibernation files and Mark Spencer's company Arsenal Consulting research into it that led to the creation of a new tool called Hibernation Recon.
Live broadcast from OSDF Con 2016
Talking about DCITA, Autopsy and the academic program that Mark McKinnon is running at Davenport.
Sorry about the audio on this one, we had a bad upstream.
The forensic lunch!
The twice a month live videocast/podcast all about #DFIR
This episode we have:
Bradley Schatz of Shatz Forensics and Evimetry, @blschatz, talking about his amazing new toolset Evimetry. Watch this first segment to learn more about AFF4, imaging bottlenecks and how his toolset can allow faster imaging locally, remotely and in cloud while doing a bunch of other really cool stuff!
Learn more about his toolset here: http://evimetry.com/
Scott Wahlstrom of KPMG, @wahlstros, came on to talk about the deployable mobile forensic GoKits KPMG has been testing and using in the field. Cool stuff here if you ever wonder how you can bring an entire analysis lab to a data center for a week.
Lastly Matt and I talk about whats new in Windows 10 Forensics with the following artifacts covered:
Lnk Files
Recent Docs
Shell bags and
Jumplists
Watch a couple times to really understand the impact this will have on your investigations!
The Forensic Lunch!
The videocast/livecast/podcast all about #DFIR!
This week we have Eric Zimmerman talking about the work he did speed and scale testing Encase, FTK and X-ways.
Also Matthew and I talking about our newest tool BitRocker which will expose which recovery keys will unlock a bitlocker encrypted volume.
Get our newest tool BitRocker here: https://www.gettriforce.com/product/bitrocker-bitlocker-recovery-key-identifier/
Read Eric's testing here: https://binaryforay.blogspot.com/2016/09/let-benchmarks-hit-floor-autopsy-vs.html
The Forensic Lunch!
The twice a month live videocast/podcast all about #DFIR!
This broadcast is all about running an isolated virtual network on Intels newest NUC, the Skull Canyon. Watch the video to see us demonstrate running 5 vms in an isolated virtual network on a small, fast and low powered portable system.
You can get the Intel NUC Skull Canyon at amazon here: https://smile.amazon.com/Intel-NUC-Ki...
or at your local Microcenter or Fry's
This is the M.2 NVME SSD Drive I'm using to get 2GB/s reads and 1.5GB/s writes: https://smile.amazon.com/Samsung-950-...
This is the memory I used: https://smile.amazon.com/Crucial-16GB...
Here is the link to the free version of ESXI v6: https://my.vmware.com/en/web/vmware/e...
Expect a blog post where I go through the process
The Forensic Lunch!
The twice a month live videocast/podcast all about #DFIR !\
This broadcast:
Matt Bromiley, +Matt Bromiley talking about filters he has made for Elastic Handler and work
Talking about the 1st Annual Defcon Forensic CTF
Updates to EventMonkey to work with EVTXtract from Willi Ballenthin and bringing in descriptions
and more!
Download the Defcon Forensics CTF Here:
https://forum.defcon.org/forum/defcon...
The password to extract:
,sli38pdsf;aj8387f*HKlnelne7fy7GUHMBNWlo9udsijw_kn3ohfsa8y^%%T
Submit your answers here:
whymirosh@gmail.com
Link to event monkey:
https://github.com/devgc/EventMonkey
It's the Forensic Lunch!
The twice a month live videocast/podcast all about DFIR
This episode's guests:
Phil Hagen
Eric Zimmerman
Links:
- Twitter: @SOF_ELK
- Config/code repo: http://for572.com/sof-elk-git
- VM readme (w/ instructions and download link):
It's the Forensic Lunch!
The twice monthly videocast/podcast just about #DFIR join us as we talk about whats new and what new things you can do!
This broadcast we are taking the time to update you on our own tools.
We talked about:
Pancake Viewer, an open source tool to visually explore forensic images and shadow copies (like an open source ftk imager), https://github.com/forensicmatt/PancakeViewer
Event Monkey, an open source and multi threaded event log parser that outputs to sqlite and ElasticSearch, https://github.com/devgc/EventMonkey
Event Monkey Monitor, a tool we are working on releasing that lets you monitor event logs in real time
pytskUSBDeviceForensics, a version of WoanWare's USB Device Forensics program that allows you to feed in images, https://github.com/woanware/usbdeviceforensics/blob/master/pyTskusbdeviceforensics.py
This episode is live from Enfuse with
Jake Williams and Heather Mahalik
Paul Shomo of Guidance Software
Ashley Hernandez of Guidance Software
Jeff Hedlesky of Guidance Software
Forensic Lunch live from EnFuse with Rob Batzloff talking about Encase 8, and James Wiebe talking about new advancements at CRU
The Forensic Lunch!
A special episode hosted by Nicole Ibrahim and featuring in no
particular order:
Mari Degrazia
Cindy Murphy
Heather Mahalik
Sarah Edwards
Shelly Giesbrecht