Monday, June 11, 2012

An Open Source Testing Guide for My SANS360 Talk

This is it... the final sneak peek before my debut in the SANS360 at the DFIR Summit in Austin.  Last week, I shared the Report Writing Guidelines included in the talk, and today I am happy to share a quick graphic relating to the testing of Open Source tools.

For investigators in the DFIR field, FOSS tools can become a very important part of our analysis tool kits.  But perhaps just as essential as learning and utilizing new tools is having the ability, and investing the time, to really understand what they do.  Not only will this allow us to increase the efficiency of our exams, it can also help with the never-ending journey of discovery that we, and all of the DFIR community, are on.

I am planning to extend various parts of this graphic in future.  If you have any suggestions for improvements (and I know there are a lot that could be made!) please feel free to e-mail me.

Also, for your viewing pleasure, here is a sneak peek at FE as she gears up for her journey to The Wonderful World of FOSS:


  1. For a greater range of motion, would you consider "Spaulders of Special Coding"? Great post. I wish I could attend the DFIR summit. Good luck on your 360 presentation. Break a leg!

    1. Awesome! The story ends with FE getting a new set of armor, and I think the "Spaulders of Special Coding" would be fantastic! Too bad you can't make it to the Summit - hopefully paths will cross sometime in the future.