DFIROnline Updates

15 Apr 2012

At the beginning of this month I was thinking that the schedule for DFIROnline was looking a little light. So I emailed a few people who I would to hear speak and received an extremely positive response. In fact a little more positive than I was expecting! As a result next space for a main presentation is in August. I thought I would take a few minutes to give a bit more detail on the upcoming presentations than is in the schedule and also announce that we will have a special meetup on May 3 with Willi Bellenthin of Mandiant presenting "Getting to know your NTFS INDX Records".

Other events coming up:

April 19 (that's this Thursday) Kevin Rippa will be taking us inside his lab and demonstrating physical hard drive analysis and recovery live. He will be using a couple of webcams and some really cool equipment. Then Girl Unallocated will be running through a Case Experience looking at how CCleaner was used in a case. She has been putting a heap of effort into the developing this and if you have been following her blog (if you have not you should) you will know that she brings a great sense of humour to everything.

May 3 - SPECIAL EVENT - Willi Bellenthin of Mandiant presenting "Getting to know your NTFS INDX Records". This is a presentation Willi made recently for NYC4SEC, it received lots of positive response and is a good reminder of how important it is to look beyond the MFT. He has already posted the slides

May 17 - Jesse Kornblum has done some great work on hashing algorithms and is the author of ssdeep, md5deep and hashdeep among others (you can see them all at: jessekornblum.com/tools/. As a Computer Forensics Research Guru with Kyrus Technology he is doing some pretty cool stuff. However this time he is looking at how you can tell a story rather than just repeating the facts.

On June 21 I will be in New York city so I contacted the folks at NY4SEC and suggested we stream a live session from their meeting. So this will be bit of an experiment, I will be looking at carving algorithms and the techniques used by different tools to carve files. I will be using adobe connect so everyone online will still be able to ask questions and of course heckle as much as they want.

I am still looking for people to present case studies (or more to the point tell a story) about a case so please let me know if you want to get involved, just email: meetup_at_writeblocked.org