Brad Garnett

Welcome to my Digital Forensics and Incident Response oasis!

Digital Forensics, Incident Response, and Information Security

DFIR: Sunday Reading 01/26/14

Here are some recent articles from this past week that I thought were noteworthy and share:

  1.  Patrick Olsen has a blog post up that I should've included in last week's Sunday reading "Know your Windows processes or Die Trying". Patrick provided a high level overview of Windows processes and also reminded and reiterates of how important it is to "know normal" on Windows systems that we are analyzing.
  2. Harlan has included his book review of Cloud Storage Forensics up on his blog. Speaking of Harlan, WFA 4/e is rumored to be released in April. 
  3. The weekly Forensic Lunch hosted by David Cowen is every Friday @ NOON Central Time. This week's Forensic Lunch featured Hal Pomeranz and Jake Williams. Hal discusses his Digital Forensic Perl scripts that he posted to GitHub and Jake discusses his recent Shmoocon Talk with Alissa Torres on anti-memory forensics titled ADD. Also, this week's show featured Lee Whitfield discussing his new online safety videos series. Kudos to Lee for creating this series for anyone who wants to learn more about the dangers of the internet today. A great way to give back to the public at-large on computer security issues today. Lee's first video, Streaming Consequences has gone "viral" and has had over 21,000 views to date. Online Safety: Part I is also now available. If you can't catch the Forensic Lunch live, catch this week's show and past shows on YouTube.
  4. Michaels Stores just announced and alerted its customers that is may have also suffered a potential POS (point of sale) data breach. This is yet another "known" retailer to have recently announced of a data breach since December. Target announced in December and Neiman Marcus announced just a few weeks ago.
  5. e-Discovery Law Blog: This article points out on why it's important for organizations to preserve ESI (electronically stored information) in anticipation of litigation and sanctions for "selective" preservation.
  6. Brian Moran of BriMorLabs has a new blog post up on his blog regarding RAM scrapers. A very good read and overview of RAM scrapers targeting POS systems for credit card data.
  7. Benjamin Wright, Esq. has a new blog post up titled Legal Evidence from Dedicated Computers. Benjamin provides good, cyber investigative techniques from a legal perspective. Mr. Wright is an attorney and also a SANS instructor.

Finally, SANS just announced the #DFIRCON photo contest. If you are looking for top-notch Digital Forensics training, SANS is having a contest to win a FREE Simulcast seat for the upcoming DFIRCON March 5-10 in Monterey, CA.