Brad Garnett

Welcome to my Digital Forensics and Incident Response oasis!

Digital Forensics, Incident Response, and Information Security

DFIR: Sunday Reading

After catching up on my RSS feeds this morning, there are a few articles that I thought I would share.

  1. 2014 Forensic 4 Cast Awards: Have you submitted your nomination?
  2. The Volatility team has a good blog post up regarding POS (Point of Sale) Malware that was allegedly used in the Target data breach.
  3. Master Linux forensicator and SANS Instructor Hal Pomeranz has started a GitHub with his perl scripts that he uses in forensic examinations. 
  4. @jackcr's  Handler Diaries Blog: Keeping Focus During An Incident is a good read for the incident responder. 
  5. Unless you have been living under a rock, you probably follow Harlan's Windows IR blog and Corey's Journey Into IR blog. Both are superb resources for the forensic examiner and incident responder.
  6. David Cowen's HECF Blog is updated daily. Every Friday, David and his team host the Forensic Lunch. This past week's show featured Sarah Edwards and Craig Ball. Sarah discussed her upcoming Mac Forensics course with SANS. I've met Sarah and have heard her speak. Being a Mac forensicator, I am looking forward to this course. Craig Ball, Esq. discussed his role in being a Special Master in civil courts and brought an excellent perspective of digital forensics in the American court system. If you are a forensic examiner, make sure you watch his segment on the Forensic Lunch
  7. Shellbag Forensics by Dan Pullega shared his research to his blog last month and is continuously updating it. Dan's research is being updated regularly (01.14.2014). Dan has done some groundbreaking research and if you are looking for someone to nominate for the 2014 Forensic 4cast Awards, this would be someone you should consider.
  8. Finally this Sophos article also caught my attention, Anonymous Yelp reviewers must be outed, US Court rules. This article points out,"...that anonymous users aren't covered by First Amendment protection of free speech if a review is "based on a false statement"...". As a society and with the evolution of technology, people have generally become desensitized. Don't say something online that you would not say or feel comfortable saying in person. So remember, spreading false information does not carry First Amendment protection of in itself. If you are interested in reading excellent articles and case studies on cyber crime and cyber conflicts I would recommend Susan Brenner's Cyb3rCrim3 blog. Another great legal resource is Benjamin Wright's blog at