Thursday, November 10, 2011

5 Side Benefits to Attending a DFIR Conference

I got back from the PFIC in Park City yesterday afternoon.  Harlan Carvey already posted a great account of the PFIC so I won't do a full redux.  Instead, I have included some side benefits to attendance for those of you who are on the fence about going to future conferences.

Benefits You May Not Have Considered...

1 - If you lose your iPhone, it will get returned.  However, it will also have been imaged and analyzed in depth by those who have yet to get the chance to work on one in their cases.  To, you know, figure out who it belongs to and stuff.  Yeah.

2 - The presenters are the DFIR equivalent of Justin Bieber Twilight actors someone actually good at what they do.  And this is a way to meet them in a way that doesn't end with an inconvenient restraining order.  

3 - After years of being avoided during parties when you start talking about your work, people you meet actually want to hear about the details of how you do your job.  Extra bonus:  Not being compared to a TV character on a crime procedural.

"Nerd Porn"
It's beautiful, isn't it?

4 - No one asks you if you can fix their computer.  If someone does have a problem - like malware - they happily tell you what artifacts they examined and analysis insight gained as a result. 

5 - Nerd Porn*.  Because there is something strangely satisfying about watching hex in a room full of strangers.

* Phrase coined by @keydet.

But of course, the chance to meet up with other people in the industry is by far the biggest bonus to these events.  Thanks to all who made the time fun and useful.  I'll see you on the flip side...

UPDATE:  For those who went to the conference and want to catch up with some of the people there, here is a list of attendees that I am aware of:

Journey Into Incident Response - Corey is as amazingly knowledgeable as his blog suggests, but is also incredibly approachable. 
WriteBlocked - Mike will melt your brain with his knowledge of NTFS.  True story.  He is also a great resource for lost iPhones.
Forensic Methods - Seeing Chad present solidified my longing to attend a SANS course.  Very, very good stuff. 
Windows IR - I resisted the urge to bring my DFIR library in order to have Harlan sign each book.  It was great to see him present, as he not only knows his stuff but is incredibly good at conveying the concepts.


  1. If you are going to post pictures of nerd porn - please show the full 0x200 bytes, 0x1C0 bytes just doesn't do it for me.

  2. @Binarybod I can see you are a true aficionado!

  3. I told you I'd remember ;-) Will check back often.


  4. Don't forget the part where you meet weird people like opera singing marine infantrymen who dabble in cyber forensics...hmm, does that even exist?

  5. @Shawn Welcome! Hopefully we will get to catch up at future conferences!

  6. You should've brought your books...I'd've signed 'em!

  7. Unfortunately we don't have too many conferences like this over here in Australia, but I was lucky enough to get to SANS Las Vegas and did SANS408 with Chad and the whole week was a great experience! Would love to see some more people come and present for us down under ;)