My Road to Digital Forensics Excellence

Day 1 DC3-2011 Part 2

Posted by Paul Bobby on January 27, 2011

Firefox plug-ins useful for online investigations – Jesse Varsalone
I attended this presentation half-way through since the solid state drive one was so short. Plug-ins demoed included geo-IP location, Tor, deepnet, one-touch downloading (Flash videos etc.), and a passive-cache plug-in. The cache plug-in I didn’t know about – when viewing cache from Google, any images in the cached data are retrieved from the live website. Passive cache ignores this and just displays the text.
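The point about the passive-cache plug-in is worth seeing in code: a cached copy from a search engine still carries references to images, scripts, stylesheets and frames on the live site, so simply opening it makes the investigator's browser contact the target. The following is an added example, not code from this post or from the plug-in discussed. It rewrites a cached HTML document so that only text and inline markup survive, and reports which hosts would have been contacted on load. The class and function names and the sample document (`CACHED_HTML`) are constructed for this illustration.

```python
"""Passive-cache sanitizer: strip live-host fetches from a cached HTML copy.

Added example (not from the original post or the plug-in it describes).
Removes every element and attribute that makes a browser fetch a remote
resource without a click, keeps the visible text, and records the hosts
the unsanitized page would have contacted.
"""
import html
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that trigger a fetch from the live site as soon as the page loads.
# <meta> and <base> are included because http-equiv refresh / base href can
# redirect or rebase relative URLs to the live host.
FETCHING_TAGS = {"img", "script", "link", "iframe", "frame", "video", "audio",
                 "source", "track", "embed", "object", "style", "meta", "base"}
# Of those, the ones whose inner content must be discarded as well.
SKIP_CONTENT_TAGS = {"script", "style", "iframe", "object"}
# Attributes on any other element that can fetch without user interaction
# (inline style can carry url(...); on* handlers are dropped wholesale).
FETCHING_ATTRS = {"src", "srcset", "poster", "data", "background", "style"}
URL_RE = re.compile(r"https?://[^\s\"'()<>]+")


class PassiveCacheSanitizer(HTMLParser):
    """Assumed helper name; rebuilds the document with fetching parts removed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.remote_hosts = set()
        self._skip = 0  # >0 while inside an element whose content is dropped

    def _note_urls(self, value):
        # Record every absolute URL in an attribute or skipped text block.
        for url in URL_RE.findall(value or ""):
            host = urlparse(url).netloc
            if host:
                self.remote_hosts.add(host)

    def handle_starttag(self, tag, attrs):
        if tag in FETCHING_TAGS:
            for _, value in attrs:
                self._note_urls(value)
            if tag == "img":
                alt = dict(attrs).get("alt")
                if alt:  # keep the image's text description, not the image
                    self.out.append(f"[image: {html.escape(alt, quote=False)}]")
            if tag in SKIP_CONTENT_TAGS:
                self._skip += 1
            return
        if self._skip:
            return
        kept = []
        for name, value in attrs:
            if name in FETCHING_ATTRS or name.startswith("on"):
                self._note_urls(value)
                continue
            # Plain <a href> is kept: it only reaches the live site on a click.
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in SKIP_CONTENT_TAGS:
            self._skip = max(0, self._skip - 1)
            return
        if tag in FETCHING_TAGS or self._skip:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self._skip:
            self._note_urls(data)  # e.g. url(...) inside a <style> block
            return
        self.out.append(html.escape(data, quote=False))


def sanitize(cached_html):
    """Return (text-only HTML, sorted list of hosts the original would fetch)."""
    parser = PassiveCacheSanitizer()
    parser.feed(cached_html)
    parser.close()
    return "".join(parser.out), sorted(parser.remote_hosts)


# Constructed sample of what a search-engine cached copy might contain.
CACHED_HTML = """<html><head><title>Cached copy</title>
<link rel="stylesheet" href="https://target.example/site.css">
<script src="https://cdn.example/track.js"></script>
<style>body{background:url(https://target.example/bg.png)}</style>
</head><body>
<h1>Hello &amp; welcome</h1>
<p>Photo: <img src="https://target.example/photo.jpg" alt="suspect"></p>
<p style="background:url(https://target.example/x.png)" onmouseover="fetch('https://target.example/beacon')">text</p>
<a href="https://target.example/next">next page</a>
<iframe src="https://ads.example/frame"></iframe>
</body></html>"""

if __name__ == "__main__":
    clean, hosts = sanitize(CACHED_HTML)
    print(clean)
    print("Hosts the unsanitized copy would have contacted:", hosts)
```

The host list is the useful by-product: it tells you, before you open anything, which third parties (CDNs, ad frames, trackers) the cached page would have leaked your visit to, not just the target itself.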

Effective Expert Witness Testimony – Donald Flynn
This was a discussion about the requirements to be identified as an expert, and how to deal with cross-examination and technical presentation. An interesting comment made by the presenter jibes with my investigative approach: spend the time finding both inculpatory and exculpatory evidence.

Lifting the lid on Cyber Espionage – Randy Lee
This presentation had the largest ratio of doodles-to-notes in my notepad. Yep, it slipped past me when I decided on attending that the presenter was a vendor. Ugh – must scream.

The presentation was just terrible! It was the usual pitch with one scare tactic right after the other, but from 10 years ago when vendors were still trying to sell SIMS/IDS etc. While there exists a need for these tools, the security landscape has evolved, and so must the sales pitch.

It’s the 80/20 rule – we used to spend so much money fighting 80% of the attacks. Firewalls, SIMS, log tools, netflows etc. were all designed to provide real-time, behavioral (meh) capability as a defense against the 80% threat. The market is now saturated. The 20% threat is the focus now. The sales pitch needs to change.

Do you see what I see? – Paul Cerkez
Cerkez is a PhD student researching the automatic identification of semagrams. A semagram encodes a message into another file – yep, a type of steg, but the encoding makes use of pictures/icons to carry that message. It was an interesting cerebral diversion for the final presentation of the day.
