Sneak Peak at the Forensic 4cast Awards

Want to know what the awards will look like? I have to admit, these do look pretty darn cool. I think they are very ‘Geek Chic’.

Anyway, here they are. Feedback is appreciated and, if you’re in contention for an award this year – how much more do you want one now? If you’re not in contention for an award – go out and convince people to nominate and vote for you in 2011.

And yes, that is pin-point accurate laser engraving. Nice.

Episode 30 – Amy Winehouse is no Forensic Guru

The Forensic 4cast Awards, AccessData merges with CT summation, Google may face prosecution over wiretapping laws, and we talk about what to do if you child porn on your company server.

Forensic 4cast Awards – Open to All

This is an important update on the Forensic 4cast Awards.

SANS have announced that both the Forensic Challenge Awards and the Forensic 4Cast Awards will be open to anyone that wishes to attend. This will be the case whether or not you are a delegate for the summit.

This is superb news and I’d like to say a huge thankyou to SANS for making this possible. If you’re going to be in the DC area on July 8 2010 please make sure to stop by and attend the awards. If you can’t be in DC for the awards, I would first ask “WHY NOT?” but then I’d console you and tell you not worry too much as SANS are also pushing the awards out by simulcast. We’ll have the link for you closer to the time but that is awesome. This means that you have no excuse to not attend in some capacity.

I’ve also been informed of the possibility of food (this is yet to be confirmed though). Even if the entertainment of the awards doesn’t entice you to come the food should!

This should be an exceptional event as there all kinds of people will be there, from Rob Lee, to Harlan Carvey, to Mark McKinnon. Its your chance to meet these pillars our our community and to commiserate them when someone else wins their awards

The times for the awards are:

• 630 PM Forensic Challenge Awards
• 730 PM Forensic 4Cast Awards

The events will be held at:

Fairmont Washington DC
2401 M Street, NW
Washington, DC 20037

Now, on to the next item of business… anyone out there willing to perform a song or two for the awards?

Sometimes I Wonder

I’ve been doing Forensic 4cast for over 2 years now. In that two years I’ve always done what I think is right and appropriate for those people that enjoy listening, reading, and participating in the podcast and website. Some thing may not have gone over too well with some people (man do I wish I could share a story there…) but, for the most part I get the impression that people enjoy Forensic 4cast. I even quite enjoy the friendly banter between listeners and myself. Its good fun. What I won’t stand for, however, is people questioning my motives.

I have a day job doing forensic investigations. This is a full time job and quite demanding at times, but I’m paid well enough by Disklabs to see past the less enjoyable parts of the job and focus on the upside.

When I come home in the evenings I can often be found preparing for the next episode of the podcast, doing some research, or writing an article. Am I paid for doing any of this? No. I receive donations from time to time but these are used to sustain the podcast. I also receive items from time to time, t-shirts, software, and so on. These are sent to me by kind people that are associated with Forensic 4cast in some way.

I have poured hundreds of hours into Forensic 4cast over the last two years, none more so than with the Forensic 4cast Awards. This event is held at my own expense. It is entirely voluntary. I receive no payment of any kind for organising and hosting the event. Yes, this year SANS have been kind enough to provide a venue for this, for which I’m very grateful, and someone else has kindly offered to provide the physical awards for distribution. Let me reiterate…

I do not receive ANYTHING for this event. I do not take sponsorship, I do not take payment, I do this  for the sole purpose of giving a few hard working people, those that are the pillars of the forensic community, some much needed recognition. I completely resent any implication that I’m doing this for some ulterior motive.

Next year things will change. I’m going to get a bit more organised and get in some volunteers to assist. I’m also going to remove ‘Forensic 4cast’ from the title of the awards and call it the ‘Digital Forensic Awards’. That way people can’t complain that I’m even doing it for publicity purposes. I do this because I love doing it.

Sorry, I just wanted to make sure that everyone knew exactly what benefit there is for me in organising the awards and maintaining the podcast. As for the naysayers (and no its not Luby or Kovar) why don’t you try doing something more productive than tearing others down. Why not focus all of that energy into doing something productive and bettering the field instead of trying to pull people down? </rant>

Forensic 4cast Awards 2010 – Voting is Open

The nominations have been taken and counted and now we have narrowed down the fields to just a few for voting. You will notice that the ‘Blog Article’ entry has not made the cut. This is because so many people nominated different articles that no two nominations were the same. I know this is the risk of running nominations and I may change the format next year.

You will also notice that the categories will have two, three, or four nominees. This is because the nominations were so close. We didn’t want to pick and choose so we’ve just left it all up to you.

Finally. We’ve decided to take the ‘Lifetime Achievement’ award off. We will still be presenting an award for this but it will be at the discretion of Forensic 4cast. This is likely to be the case for this category from now on.

Anyway, as before we’ve asked that you give your name and email address just so that we can stop people from spamming.

Voting will close on July 6 2010. That’s only three weeks so get voting!

SANS Forensic Summit 2010 – Why you MUST attend

First of all I know that some people will argue about my use of the word ‘must’ but I stand by it. Yes there are other conferences that you can attend but the SANS Forensic Summit will have presentations and panels with some of the most respected people in the fields or digital forensics and incident response. These people will be sharing their real-world experiences with us. The sharing of these experiences means that we can all learn and grow together as a field.

A couple of weeks ago I wrote a post about how there is a growing trend for forensic investigators to feel like they know enough and that there is little else to learn. I defy anyone to attend this summit and walk away not feeling as if they have a lot more to learn.

That being said, what will be discussed at this summit? I’m not going to give a summary of every presentation and panel, but I’m going to provide you with some of the highlights that I’m looking forward to.

Harlan Carvey will be presenting on Registry and Timeline Analysis. If you know Harlan or have used Regripper you know that this is Harlan’s area of expertise. What a tremendous opportunity to learn straight from one of the best in the field.

Jeff Hamm and Robert Shullich are presenting on the dissecting of the exFAT file system. I’m personally very interested to hear all about this.

Troy Larson of Microsoft (a small Seattle -based software company) will be presenting on forensic issues relating to Windows 7. With Windows 7 taking an increased percentage of the OS market we can’t afford to stand by and ignore these issues.

Jesse Kornblum will be presenting on fuzzy hashing. A key method of identifying known data. Should be a great presentation.

And that leaves me. Of course I’m going to talk about  my presentation the most, mostly because I’m a shameless self-promoter, but also because I believe my presentation has significant value. My presentation ‘Shadow Warriors’ will take place from 3:20pm until 4:20pm on the second day. I will be presenting with Mark McKinnon of Red Wolf Computer Forensics. Our presentation will focus on how to manually dissect Microsoft ‘difference files’ (commonly known as volume shadow copies), but this is not all. We will also be demonstrating our upcoming forensic software ‘Shadow Analyser’. It is well worth your time to go to the summit just for this presentation

There are many other reasons to attend but one more item that I want to discuss (again due to the shameless self promotion) is the Forensic 4cast Awards. This event will take place on the evening of the first day and will be fantastic. Speaking of which don’t forget to post your nominations and votes.

The SANS Forensic Summit 2010 will take place on 8th and 9th July 2010 at the Fairmont, Washington DC.  Full details can be found at http://www.sans.org/forensics-incident-response-summit-2010/. Hope to see you there.

Episode 29 – #robleeisagiant

Today we discuss what happened at CEIC, the Guidance acquisition of Tableau, FTK and Guidance releasing new forensic tools, the SANS Forensic Summit, and the Forensic 4cast Awards.