Profile

Cover photo
David Cowen
Worked at G-C Partners, LLC
Attended University of Texas at Dallas
Lives in Plano, Texas
718 followers|372,196 views
AboutPostsPhotosVideos

Stream

David Cowen

Shared publicly  - 
 
If you haven't seen my speaking schedule for 2014, this may be my favorite talk/conference so far planned #dfir http://dfir.to/David-Summit14
1
Add a comment...

David Cowen

Shared publicly  - 
 
I wish this had come out earlier so I could have included this in this weeks saturday reading.
 
In case you haven't yet heard, I'm transitioning out of my role at CloudPassage and am looking for the next opportunity.
1
Add a comment...

David Cowen

Shared publicly  - 
 
Do you have a great DFIR story? I think most of us have at least one that we tell when sharing the drink of our choice amongst our peers. Let's see if you have the best DFIR story in this week's Sunday Funday challenge and you could win a free ticket to SANS DFIR Summit 2014 in austin, tx. A ticket worth $1,495!
http://hackingexposedcomputerforensicsblog.blogspot.com/2014/01/daily-blog-203-sunday-funday-11214.html
3
1
National CCDC's profile photo
Add a comment...

David Cowen

Shared publicly  - 
 
Sunday Funday is up! This week it's a Windows 8.1 challenge requiring some research into how LNK files are being created. In order to reward such effort I"m putting up for grabs a prize I've been saving.

A free ticket to the SANS DFIR Summit 2014 in Austin, Tx. This ticket, if you bought it early, is worth $995 and it can be yours for the small price of your time!

Best of luck!

http://hackingexposedcomputerforensicsblog.blogspot.com/2013/12/daily-blog-175-sunday-funday-121513.html
5
1
Seth Ludwig's profile photoSteven Bernstein's profile photoKevin McMullin's profile photo
2 comments
 
Wish I had time to participate, I had fun last time I researched your topic!
Add a comment...
In his circles
1,392 people
Have him in circles
718 people
Matthew Stiger's profile photo
Gregory Hayes's profile photo
Nina Pelletier's profile photo
Zoltan Szabo's profile photo
Steve M's profile photo
julio pantoja's profile photo
Shelly Giesbrecht's profile photo

David Cowen

Shared publicly  - 
 
A great first post from Brian Moran, let's hope for many more.
 
All memory dumping tools are not the same
<DISCLAIMER: I am not an in-depth technical expert on memory analysis, and your results and analysis may vary> A few days ago, Takahiro made a blog post regarding some issues that he discovered while processing a 16GB memory dump on a Windows 7 machine (if ...
1
Emory Mullis's profile photoTaurean Dennis's profile photo
2 comments
 
I ran into this issue as well. Me and my colleague imaged ram from a test system that had windows server 2008 with 50gig of ram.

We used the free version of DumpIT that produced a memory image that Volatility 2.2 could not pull any artifacts from.

We then tried ftk imager on the same system. Volatility 2.2 was able to process the image with no issues.


Add a comment...

David Cowen

Shared publicly  - 
 
https://plus.google.com/u/0/b/105962155502598586194/events/c7u8kpplc43mb5tublcgghu6c3c

Live in 40 mintues, we have a great show today. 
Christian Prickaerts from Fox IT discussing the new EU privacy directive and notification requirements
Carlos Cajigas of Epyx Forensics, http://www.epyxforensics.com/blog discussing his research into booting images into vms in Linux with FOSS
Kevin Stokes demonstrating our new super multi boot USB response thumbdrive
1
Add a comment...

David Cowen

Shared publicly  - 
 
Three guests lined up for the forensic lunch this week, +Lee Whitfield  +Nicole Ibrahim  and +Sean Conover  #dfir ow.ly/sd91p

Lee talking about the nominations process for the Forensic 4Cast Awards
Nicole talking about her research into MTP device artifacts within windows
Sean talking about his work using memory analysis techniques and infosec skills in his DFIR work for video games at Sony Online Entertainment
6
1
Sean Conover's profile photoErik Musick's profile photoKyle Maxwell's profile photoNik Roby's profile photo
3 comments
 
Up until today I haven't even logged into G+ ugh
Add a comment...

David Cowen

Discussion  - 
 
Not sure if this community is aware but we do a live forensics talk show every Friday at Noon CST (GMT-6) with different guests. This week we have Amber Schroader from Paraben talking about the new version of Device Seizure and Robert Haist talking about his research recovering cmd execution from the pagefile. https://plus.google.com/u/0/b/105962155502598586194/events/ccplgkuh7csbkg2kpujdrruccfg
3
David Cowen's profile photoMichael Gough's profile photo
3 comments
 
Thanks !
Add a comment...

David Cowen

Shared publicly  - 
 
Daily Blog #148: Sunday Funday Winner! A great answer this week from Martijn Veken going into depth on CD burning artifacts in Windows 7! http://hackingexposedcomputerforensicsblog.blogspot.com/2013/11/daily-blog-148-sunday-funday-111713.html
2
Add a comment...
People
In his circles
1,392 people
Have him in circles
718 people
Matthew Stiger's profile photo
Gregory Hayes's profile photo
Nina Pelletier's profile photo
Zoltan Szabo's profile photo
Steve M's profile photo
julio pantoja's profile photo
Shelly Giesbrecht's profile photo
Work
Occupation
Computer Forensics
Employment
  • G-C Partners, LLC
    Partner
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Plano, Texas
Links
Story
Introduction
Computer Forensics Expert, Writer, Blogger, Dad
Bragging rights
Author of Hacking Exposed Computer Forensics, Anti Hacker Toolkit 3rd edition and the upcoming Computer Forensics, A Beginners guide. Read my blog hackingexposedcomputerforensicsblog.blogspot.com
Education
  • University of Texas at Dallas
Basic Information
Gender
Male