A variety of forensic tidbits this week, from new tools to a history of photo manipulation, and a relaxation of the PI requirement in VA. If you have an interesting item you think should be included in the Digital Forensics Case Leads posts, you can send it to email@example.com.
- Mandiant has released an update to their Highlighter tool, bringing it to V1.1.2. You can read information about the update here.
- Dell has extended their digital forensics line to include a mobile offering, consisting of a hardware/software bundle to enable faster evidence collection at incident locations. Check out the toys.
- Chris Pogue (@cpbeefcake) has written Part 4 of his “Sniper Forensics” blog series on “Finding Evil” with some good guidance on helping customers clarify their own goals in an engagement. Check it out on Trustwave’s SpiderLabs blog here.
- The Cryptonomicon blog has an entry with an overview of using EnCase and FTK to acquire and analyze solid state USB drives. With all the current discussion of SSDs, more people will be looking into the subject, and this entry provides a good starting point for process.
- Today’s issue of Digital Forensics Investigator includes some articles worth reading, including an introduction to SIM (the card in mobile phones, not the game character) Forensics describing the basics of SIM cards themselves.
- DFINews also has a solid article on the importance of validation of forensic software. Particularly with the prevalence of open source tools, it’s critical that examiners understand the importance of validation, and demonstrate their understanding by practice.
- The MNIN Security Blog includes a recent post which describes how the author found network socket and connection information in Windows Vista/7 memory. He used that information to contribute a new Volatility plugin, but this post describes how he discovered the information needed.
- The State of Virginia has elected to exempt computer forensics practitioners from private investigator licensing. Text of the amended legislation can be found here. And there was much rejoicing….
- Mandiant has announced that Richard Bejtlich (@taosecurity), formerly head of GE’s CIRT and current member of the SANS Forensics Advisory Board, will be joining Mandiant as Chief Security Officer and Security Services Architect. The press release is here.
- Nominations for the Forensic 4cast Digital Forensics Awards are open. Submit your nominations at http://www.digitalforensicsawards.com/
- The program for the SANS summit – What Works in Incident Response Summit (see below) is being finalized. Chris Pogue will be returning to give an update to last year’s presentation – Sniper Forensics 2.0: Target Acquisition. Stay tuned for more speaker announcements.
- 2011 DC3 Digital Security Challenge for US High School Students. Registration now open!
- Forensics 408: Computer Forensic Investigations – Windows In-Depth – San Diego CA, May 5-10, 2011
- Forensics 408: Computer Forensic Investigations – Windows In-Depth – Morristown NJ, May 9-14, 2011
- Computer and Enterprise Investigations Conference (CEIC) 2011 – Orlando FL, May 15-18, 2011
- AccessData User’s Conference – Las Vegas NV, May 15-18, 2011
- SANS What Works in Forensics and Incident Response Summit – Austin, TX, June 7 – 8, 201
- 3rd International ICST Conference on Digital Forensics & Cyber Crime – Dublin Ireland, October 26-28, 2011
- The 2011 Sleuth Kit and Open Source Digital Forensics Conference has issued a call for papers. The event will be held on 14 June in McLean VA, and the CFP is available here.
- The ACFE is holding a fraud conference in San Diego, CA on June 12-17, 2011. Track E of the conference is geared specifically toward investigators performing digital forensics. More info on the conference is available at http://www.fraudconference.com.
Digital Forensics Case Leads for 20110325 was compiled by G W Ray Davidson, PhD, CISSP, GCIA, GCFA, ETC, assistant professor of Information Technology at Purdue Calumet, SANS Mentor and serial facilitator.