Sunday, April 10, 2011

Forensic 4cast EnCase 7 Interview

Lee and I interviewed Steve Salinas and Ashley Stockdale from Guidance Software about EnCase Version 7. I think Lee may have set an all time podcasting production record when he was able to get the podcast edited and posted in about three hours after we did the interview. EnCase is my primary file system digital forensics tool so I’m very excited to see what is in store for EnCase V7. Steve and Ashley were excellent interview subjects and did a fine job explaining what we can expect in the new version. Steve and some others have also been working hard to hit the road and talk to the community about V7. You can find a schedule of the presentations Guidance is giving all across the world at their website. If you are an existing user, you can also register for a preview of the software. I’ll be at the NYC sneak peak that will be held this coming Friday.

FTK News

According to Access Data, we can expect to see FTK version 3.3 released on Monday. It reportedly will provide some additional functionality to deal with iOS forensics in conjunction with MPE. Lee Reiber has provided some  information about the new version through Twitter. I’m also starting to hear rumblings about FTK Version 4 and I’ll bring you more information as I learn more.

Raptor 2.0

Forward Discovery has released Raptor 2.0 which is a nice live Linux distro that can be used for acquisition purposes. Their website also includes instructions on how to create a Raptor 2.0 USB.

Sleuth Kit and Open Source Digital Forensics Conference

The Sleuth Kit and Open Source Digital Forensics Conference will be held on June 14th.  Presenters at this conference will include Harlan Carvey, Cory Altheide, and Jon Stewart. Cory and Harlan will also have their open source forensics book released shortly.

Digital Forensics Search

Corey Harrell over at Journey Into Incident Response has crafted what he is calling the Digital Forensic Search using a variety of sources of information in the digital forensics world. This is a fantastic service that Corey has provided the community and he has an excellent blog that I recommend people follow.

Book Reviews

I enjoy reading and writing book reviews. It’s an art that I’m still learning and one of the people who I enjoy the most when it comes to book reviews is Richard Bejtlich. I’ve decided to add a book review list to the blog. You can find it to the right and it contains the RSS feeds of book reviewers who I follow. Right now it just contains my Amazon review feed and Richard’s. Let me know if you have some others that you like and I’ll add them to the list if I like their work. 

I recently reviewed Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats by Will Gragido and John Pirc.  You can find that review here. As you can see from the review, I absolutely loved this book and I think you will also. Let me know if you agree. Better yet, leave some feedback for everyone on Amazon if you read the book.

Mobile Malware

I ran across an interesting article recently about a variant of Zeus that is targeting mobile devices. It’s another good illustration of why we can’t ignore what is going on in the mobile device space. It’s going to be increasingly difficult for those who are working in security to ignore the mobile device world.  These devices are going to play an increasingly key role in modern criminal and intelligence gathering behavior. I’m working on an interview about mobile devices and augmented reality that has been an incredibly eye opening exercise for me. I hope to get it posted soon.

Twitageddon

I decided to make my semi-private @ericjhuber Twitter account “private”. While I’m not under any illusions that anything I post in a protected Twitter account is actually private, I decided it didn’t make any sense to offer out that account to the public along with my @AFoDBlog account. I had hundreds of people following the @ericjhuber account who I didn’t know and who followed me because they were curious about digital forensics and information security. I always felt bad when I’d tweet about things not related to digital forensics and cybercrime and felt pressure to be “on” with that account. I’ve decided to just use that account to socialize with digital forensics people and others who I know and who interact with me. I’ll continue to use the @AFoDBlog account as my public account where I tweet about digital forensics, information security, cybercrime, and the like. You can also talk with me and others at the blog’s Facebook page.

Thus, if you find that you suddenly aren’t following the @ericjhuber account, please don’t be offended. I drastically pared down the amount of people following that account to only to people who I actually knew and who interacted with me on a regular basis about things not just related to digital forensics.