Friday, January 9, 2015

Nominations Open for 2014 Forensic 4cast Awards!

Hello all,

As the title of this post states, nominations are now open at the Forensic 4cast website for this years awards. These awards ceremony has become a highly anticipated event each year at the SANS DFIR Summit in Austin, Tx. I'm proud to say I've been nominated twice and won once, winning the 2013 Digital Forensic Blog of the Year.
I've already got some nominations in mind for this year and I plan to submit them soon. As far as blogs go, there are several that can be counted on year after year to provide first-rate content. You can always find excellent content on Corey Harrell's Journey Into Incident Response blog and Harlan Carvey's Windows Incident Response blog. I'm still making up my mind over those and a couple others.

Some candidates I'm considering nominating for Digital Forensic Examiner of the Year include Ken Johnson, Eric Zimmerman and Frank McClain. Ken has done some amazing work on Windows 8 forensic artifacts, while Eric has done excellent work in the area of shellbags artifacts and even released a tool called Shellbags Explorer. Frank is this guy who is always there for people. If you're on any of the DFIR related email lists, you've no doubt seen him there. He is often the first to reply to a request for help and can always be counted on for good advice and suggestions.

Without a doubt, I will be nominating The Art of Memory Forensics for Digital Forensic Book of the Year. I don't remember the last time a forensic book generated as much excitement at the time of its release as this one did. It's a huge book with so much good information. I will be very surprised if this book doesn't take the award. Win or lose, I offer my congratulations to Michael Hale Ligh, Jamie Levy, Andrew Case and AAron Walters on the success of this book.

For the software tool category, I'm looking at such good candidates as Brian Moran's Live Response and Eric Zimmerman's Shellbags Explorer. I'm sure others will come to mind, but these two are definitely in the running.

I do very little in the area of mobile device forensics, so I really don't have any opinions on the Phone Forensics categories. Likewise, I haven't had the opportunity to try out any new hardware, so I really have nothing to add there as well.

I'm still making up my mind on other nominations. If I failed to mention you or your favorites above, that doesn't necessarily mean I'm not considering them as well, so please don't be offended. These are the ones that stand out in my mind at this moment. There are so many good people, blogs and tools out there that it's hard to remember each one as I write this.

I hope you'll take the time to submit your nominations. Thanks again to Lee Whitfield for putting the awards program together each year.

Friday, January 2, 2015

Happy New Year!

I have been absent from the blogging scene for a while now (again). To be honest, I haven't had a great deal worth writing about and didn't really have time anyway. I did want to mention a couple things, though.

I was pleasantly surprised to be nominated for election to the board of the Consortium of Digital Forensic Specialists and even more surprised to find out I got elected. I gave it considerable though before accepting the nomination. I decided to go for it because I do care about the CDFS and the role it can play in our field. I'll have more to say about it as I get involved with the board. Thank you very much to all those who voted for me.

I was fortunate to attend both the Open Memory Forensics Workshop and the Open Source Digital Forensics conference back in November. As expected, both were very much worth attending. I plan to talk more about them in a (hopefully soon) future post, but I just wanted to say thanks to the Volatility crew and Basis Technology for such a great couple of days. Besides the great talks, I was happy to connect with friends I hadn't seen in a long time. I was also happy I got my copy of the Art of Memory Forensics signed by all four authors. I will be very surprised if this book doesn't win a 4cast award this year I was also the lucky recipient of a $100 Amazon gift card at the OSDF conference!

My friend Carlos Cajigas has a new post up on his Mash that Key blog talking about using the built-in tools in Linux to view text based logs. He goes through auth logs from his Linux server and shows how to use grep, cut, head and other commands to narrow down the data to what you're really wanting to see. This is well worth a read if you find yourself parsing through server logs to the point of driving you nuts.

That's all I've got for right now. 2014 was a great year for DFIR and I look forward to seeing what this new year will bring.

Thursday, January 1, 2015

Book Review--Penetration Testing

Welcome to the long overdue review. I was contacted by the good people at No Starch Press early in 2014 and asked if I would like to review Penetration Testing by Georgia Weidman when it came out. I jumped at the chance, as I had no background in pen testing, but I've always found the subject interesting. I thought learning about attack techniques might help me be a better forensic investigator as well. I received the book soon after the initial contact but due to a number of things failed to get this review done till now. My apologies to No Starch and Georgia Weidman for taking so long to get this posted.

This is a big book, with 20 chapters comprising a total of 476 pages, not including the index. There are supplemental materials and a Linux virtual machine available for download that allow the reader to  work the examples in the book. Additionally, guidance is given on setting up your entire virtual lab. The guidance includes setting up Windows XP, Windows 7, along with Android emulators. I loved how detailed the instructions were for setting everything up. There were quite a few files to download for the labs, but it was well worth my time and bandwidth to get them.

Along with the above, a torrent is available to download the same version of Kali Linux used in the book. I was unable to use it with VMWare Workstation and it turned out it would run in VMWare Player, but not necessarily in Workstation. I wound up building my own Kali virtual machine and used it through all the labs.

The book covers a little programming in some spots, so a programming primer was included. I am definitely NOT a programmer, so I found this primer to be very helpful.

Throughout the rest of the book, topics such as Metasploit, information gathering, finding vulnerabilities and even post-exploitation are covered. Instruction is given on web application testing, wireless attacks, exploit development and mobile device hacking are also covered in great detail.

After reading this book, I understand so much more about penetration testing than I did before. I learned a lot about how pen tester's gather the information and use it to their advantage through social engineering and other means. I also now have a much greater understanding of how attacks are done and I believe that understanding will help me do my work as a forensic investigator even better.

Weidman does an outstanding job of covering a pretty big range of topics in this book. With the wide range of topics, I can see how it would be difficult to put it all in one book and wind up with something that works, but she managed to pull it off. I enjoy her writing style and loved the labs, too. I don't know how long it took her to put this book together, but it's obvious she spent a lot of time writing and creating the labs and supplementary materials.

If you want to learn about many aspects of penetration testing, I highly recommend this book to you. This book is everything, including the kitchen sink and after reading this book you'll come out with a much better understanding of what pen tester's do and how they do it.