NYC4SEC Meetup 11/16/11: Advanced Persistent Threat with Eric Huber

Just a quick note to say that the NYC4SEC group is holding a Meetup on Wednesday November 16, 2011 with Eric Huber of A Fistful of Dongles fame. Eric will be discussing Advanced Persistent Threat as it relates to digital forensics and incident response professionals. I’m looking forward to seeing old friends and meeting new people in the field. I can’t say enough times how much NYC4SEC has given to the New York DFIR community. Great thanks to Doug Brush and Jamie Levy for helping organize our group month after month. Please RSVP – we hope to see you there!

Digital Forensics [Internet] Search Introduced by Corey Harrell

Corey Harrell has just proved the old adage that sometimes simple solutions are the best (and I mean that in a very good way). On his blog, Journey into IR, you’ll find a link to a custom Google Search called the Digital Forensics Search. Google’s Custom Search functionality allows you to create a link to a Google page that only searches specific sites, much like using the “site:” keyword in a search, except that it can span numerous sites, generally on a similar topic. What a fantastic idea! This should be a great place to find valuable information that is specific to digital forensics as opposed to weeding through the sometimes useless hits on a broader Google search. I have also posted a Google widget on my sidebar that goes directly to the search page as a constant reminder (I tend to forget things like this after about five minutes). Thanks Corey!

Corporate E-Discovery Forum on Social Media

A few weeks ago I had a unique opportunity to attend the Corporate E-Discovery Forum’s (CEDF) New York Forum. The CEDF is a non-profit organization that hosts and guides gatherings for its members, consisting of over 200 corporations and 400 individual participants, to encourage collaboration on E-Discovery issues. The forums give members the opportunity to discuss document retention policies and enterprise content management practices, litigation holds, preservation, collection, processing of electronically-stored information, cost and risk management, best practices to avoid spoliation and sanctions, and understanding plaintiffs’ strategies. Although vendors participate in the forums, they contribute equally with other members based on their experience (no sales pitches allowed).

Although there was a large turnout, I was pleasantly surprised at the level of interaction achieved in the sessions. Board members Nicholas Bunin, Jeri Head, and Patrick Gibson did a great job introducing sessions and spurring conversation. The board places great emphasis on active communication as opposed to having a single presenter talking at the crowd.

This recent forum was all about social media – Facebook, LinkedIn, Twitter – in corporate environments. Social media has obviously been around for quite some time, but in the corporate environment, policy makers are just getting comfortable with its use for business purposes. As a user, my first instinct is to question why this causes a problem; as a corporate investigator, I can tell you that social media can cause significant problems in the workplace and creates a whole new medium in which violations can occur. There are myriad new legal guidelines emerging around how corporations should regulate these tools in light of the current legal landscape. Regulatory agencies have also recently had their say on the diligent monitoring that must occur in the financial industry in relation to social media.

The forum had four main sessions during the day: Social Media and Reducing Risk; Practical Guide for Corporations to the Identification, Collection and Production of Social Media; Social Media Policy; and Social Media Dialog with Judges. While the guidelines of the organization prohibit sharing of content outside of the forum, I’ll just say that the day was well spent and I learned quite a bit. The next forum theme will be Cloud Technology, and will take place at the San Francisco Forum in June. The Corporate E-Discovery Forum would love to have new members participate and contribute to the discussions, and welcomes technical practitioners as well. If you’re a member of a corporate E-Discovery team, whether legal or tech, I’d highly encourage you to join and participate!

Haruyama’s New Addition to My Timeline EnScript – FileName Attribute Parsing

Takahiro Haruyama, who is well known for bringing the power of Volatility to EnScript land, made a great revision to my Timeline EnScript by adding MFT FileName Attribute parsing to it! He’s published the update on his blog. This really makes the script much more versatile and I think forensics practitioners will love the update. Right now the script only outputs the info to the HTML view, but over the next few weeks I’ll try to find some time to push it into all the output formats and give everyone an update. Great work, Haruyama, thanks for adding this much needed functionality!
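As an added illustration of what the $FILE_NAME parsing contributes to a timeline (this is not the Timeline EnScript or Haruyama's revision, just a stand-alone Python sketch), the following parses a resident $FILE_NAME attribute from an MFT record and emits one timeline row per timestamp. The attribute bytes and the timestamps in `sample_attr()` are constructed here as sample input.

```python
import struct
from datetime import datetime, timedelta, timezone

FILE_NAME_ATTR = 0x30                      # NTFS attribute type code for $FILE_NAME
EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FN_FIELDS = ("created", "modified", "mft_modified", "accessed")

def filetime_to_dt(ft: int) -> datetime:
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) -> aware datetime."""
    return EPOCH + timedelta(microseconds=ft // 10)

def dt_to_filetime(dt: datetime) -> int:
    return ((dt - EPOCH) // timedelta(microseconds=1)) * 10

def build_file_name_attr(name: str, times: dict, parent_ref: int = 5 | (5 << 48)) -> bytes:
    """Build a constructed resident $FILE_NAME attribute (header + body) for testing."""
    body = struct.pack("<QQQQQQQIIBB", parent_ref,
                       *(dt_to_filetime(times[f]) for f in FN_FIELDS),
                       0, 0, 0x20, 0, len(name), 1) + name.encode("utf-16-le")
    size = (0x18 + len(body) + 7) & ~7            # attribute length is 8-byte aligned
    header = struct.pack("<IIBBHHHIHBB", FILE_NAME_ATTR, size, 0, 0, 0x18, 0, 2,
                         len(body), 0x18, 0, 0)   # resident header: content at 0x18
    return (header + body).ljust(size, b"\x00")

def parse_file_name_attr(attr: bytes) -> dict:
    """Parse one resident $FILE_NAME attribute as it appears inside an MFT record."""
    atype, _alen, non_resident = struct.unpack_from("<IIB", attr, 0)
    if atype != FILE_NAME_ATTR or non_resident:
        raise ValueError("not a resident $FILE_NAME attribute")
    body_len, body_off = struct.unpack_from("<IH", attr, 0x10)
    body = attr[body_off:body_off + body_len]
    fields = struct.unpack_from("<QQQQQQQIIBB", body, 0)
    parent_ref, stamps, name_len, namespace = fields[0], fields[1:5], fields[9], fields[10]
    name = body[0x42:0x42 + name_len * 2].decode("utf-16-le")   # name begins at 0x42
    out = {"name": name, "namespace": namespace,
           "parent_entry": parent_ref & 0xFFFFFFFFFFFF, "parent_seq": parent_ref >> 48}
    out.update({f: filetime_to_dt(t) for f, t in zip(FN_FIELDS, stamps)})
    return out

def timeline_rows(attr: bytes) -> list:
    """One timeline row (time, source, field, name) per $FILE_NAME timestamp, oldest first."""
    fn = parse_file_name_attr(attr)
    return sorted((fn[f], "$FN", f, fn["name"]) for f in FN_FIELDS)

def sample_attr() -> bytes:
    """Constructed sample: a file entry with four distinct $FILE_NAME timestamps."""
    t = {"created": datetime(2011, 11, 1, 12, 0, tzinfo=timezone.utc),
         "modified": datetime(2011, 11, 2, 8, 30, tzinfo=timezone.utc),
         "mft_modified": datetime(2011, 11, 2, 8, 30, 1, tzinfo=timezone.utc),
         "accessed": datetime(2011, 11, 3, 9, 0, tzinfo=timezone.utc)}
    return build_file_name_attr("report.docx", t)
```

Rows tagged `$FN` sit beside the $STANDARD_INFORMATION rows in a timeline, which is the value of the addition: the $FILE_NAME timestamps are maintained by the kernel rather than by user-mode timestamp-setting calls, so a disagreement between the two sets is worth a closer look.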