Wednesday, April 11, 2012

Prepping for April DFIROnline

I've been very excited to be able to present a portion of the upcoming DFIR Online on April 19th.  The presentations so far have been great, and both Hal and Corey upped the bar last month with some really amazing information.  My time slot is scheduled for around 10-15 minutes - which works perfectly for me.  I think I can manage a modicum of professionalism for that amount of time.

I hinted on Twitter that I've been working on a project for the presentation - I have to try to stand out in this crowd of top-tier people somehow!  Basically, my idea for the project was to create an interactive online "Case Experience" (hereafter referred to as CE) that people could use as a learning tool.  Frankly, the idea is better than the execution, but I've been having a lot of fun trying to figure it all out.

Though not an all-encompassing CE, here is a sneak peek at what I will be talking about next week.  The answers aren't all there, and the artifacts shown should raise some questions.  So, feel free to take a look, or just keep the mystery alive.  Either way, hope to see you on Thursday!

6 comments:

  1. I suggest opening the Interactive Case Experience in another browser other than Firefox. Perhaps it is just my installation, but several letters are missing from many words. When I open it with IE all the words appear. Strange...

    1. Thanks for the heads up! I haven't tried it in Firefox, but I'll take a look.

  2. Hi

    Would love to correspond more with you about CCleaner as I myself have been finding it along with other software in cases.

    1. You can email me at girlunallocated at gmail.com
      I'm happy to share whatever I know, though I'm sure you could share a thing or two with me as well!

  3. Great job last night with the DFIROnline presentation. Lots of great information was passed, and I wouldn't worry too much about some of the questions that came up...you reacted to and handled them very well.

    I especially liked how you identified the goals...determine spoliation...and the timeframe...any activity that occurred after the preservation order. This really demonstrated that this whole "find all bad stuff on the drive" is neither "real world" nor all that viable.

    I look forward to your presentations in the future.

    1. Thank you! I hope it was useful to someone. I just realized I forgot to mention you as I was praising RegRipper. Hopefully everyone knows you are the brains behind the project! Thanks for making my life so much easier by putting that stuff out there.
