Post has shared content
Sometimes verifying your analysis with alternate tool won't help, if both tools rely on the same technique.
How a vendor can ditch forensic tool and the analysts depending on those tools. Rob Lee (SANS) recommends snapshotting the complete environment including the tools and dataset for longterm storage, just in case you need to trace back such glitches in past investigations.

Post has attachment
New updates in FOR508 Advanced Digital Forensics, Incident Response & ThreatHunting course will blow you away! Join Rob Lee's webcast & learn what's new! http://www.sans.org/u/n5z
Photo

Post has attachment

Post has attachment

Post has attachment
New years resolution was to be more active on my blog... Here is the first post which describes how you can export locked files using PowerForensics.

Post has attachment

Post has attachment
Learn how to recover ‪#‎iWatch‬ wiped data with ‪#‎FOR585‬ - Take the class right in your neighborhood! ‪#‎CommunitySANS‬, ‪#‎ChantillyVirginia‬ Dec7 sans.org/u/aiP 
Photo

I will be taking the Forensics 508 class in October.  I have a dedicated machine  that I will be using for the class and my intention is to use it for future security/forensics work when needed.

It's been a while since I've had to purchase a VMWare license.  Does the group have any recommendations on which VMWare workstation license would be best? From the comparison it looks like creating snapshots is only available in the Pro product which is $100 more than the Player. Outside of that I don't see a need for most of the additional offerings of the Pro product.

Thanks in advance for your guidance.

Post has attachment
Minorities & Women ... in cyber security!?  (What's this world coming to!)

The CyberFETCH people have two upcoming interviews that deal with exactly that.  In the next few weeks, they will be talking with Tammy Torbert (a director at the Women’s Society of Cyberjutsu) and Devon Bryan (Founder of the International Consortium of Minority Cybersecurity Professionals).  All the questions come from the readers, so if you are in any way curious about either of these groups, now's your chance.  You'll see links to their bios down the right side of this page, and you can email in your questions.

Post has attachment
FWIW, the people at CyberFETCH have been doing a weekly interview series.  This week, it's Amber Schroader (Paraben).  Last week it was Joseph Hall (Center for Democracy & Technology).  The questions come from the readers, so feel free to visit and toss some Q's into the mix.
Wait while more posts are being loaded