Some Updates

Wow, it's been a while since I've written here.  A lot has happened since, however.  Here are a few updates:

The Book

We released a book: The Art of Memory Forensics.  For those of you who are considering teaching memory forensics or even operating systems, we have a syllabus and evidence files on our website that you may use in your classes.

Trainings

We have several trainings in line for this year, public and private.  Public trainings currently include:

• Reston, VA April 13th-17th 2015
• New York, NY May 11th-15th 2015
• Amsterdam, NL August 31st-September 4th 2015

We are also currently working on new course offerings coming out this year.  So keep an eye out for those!

Talks

I'll be speaking at the upcoming CEIC conference in Las Vegas, on Wednesday May 20th 2015.  Apparently there is a discount code if you register before January 31st: JANS4v15

The Volatility team will also give another talk at NYC4SEC during the week of the training in NYC this coming May.  More details will be given for that talk soon.

Volatility Talk at Upcoming NYC4SEC

The Volatility team will give a talk at the next NYC4SEC meetup on memory forensics on May 8th, 2014 at John Jay College.  Make sure to RSVP if you are planning to attend, since there is limited seating!

 Thanks For the Memory: Rootkits, Exfil and APT - RAM Conquers All

The ability to perform digital investigations and incident response is becoming a critical skill for many occupations. Unfortunately, digital investigators frequently lack the training or experience to take advantage of the volatile artifacts found in physical memory. Volatile memory contains valuable information about the runtime state of the system, provides the ability to link artifacts from traditional forensic analysis (network, file system, registry), and provides the ability to ascertain investigative leads that have been unbeknownst to most analysts. Malicious adversaries have been leveraging this knowledge disparity to undermine many aspects of the digital investigation process with such things as anti-forensics techniques, memory resident malware, kernel rootkits, encryption (file systems, network traffic, etc), and Trojan defenses.  The only way to turn-the-tables and defeat a creative digital human adversary is through talented analysts.
 
This talk demonstrates the importance of including Volatile memory in your investigations with an overview of the most widely used memory forensics tool, Volatility, by its developers.

-@gleeda

NYC4SEC Meeting 1/19/2011

There is an NYC4SEC meeting this month on 1/19/2011. This month our speaker is Jon Stewart who will be giving a talk about his new tool: Lightgrep. Details are below:

Lightgrep - Fast Keyword Searching for Forensics

Dislike waiting 5 days for your keyword search to complete? Been brought to tears by thousands of keywords? Lost faith in your forensics tools when they didn't find all the hits they should have? Come to this talk to see the first public demonstration of Lightgrep, a new regular expressions search tool designed specifically for forensics.

Search is a fundamental part of forensics, useful not only for discovering relevant documents and snippets of text, but also artifacts, files in unallocated space, and file signature analysis. We will discuss the basic principles behind how a grep search works, why it's important to consider how multiple keywords are handled, and how to validate a search tool's results. Finally, we'll show Lightgrep, a tool that allows for fast searching for thousands of keywords, with full EnCase integration.

Please join us on Wednesday, January 19th, 7:00pm at John Jay College - Forensic Computing Program and the Center for Cybercrime Studies
899 Tenth Avenue - btwn 58th & 59th
Room 610T - 6th Floor

Don't forget to RSVP!!!

Thanks to Douglas Brush, Prof Bilal Khan, Prof Douglas Salane and Prof Richard Lovely for helping to make this possible.

NYC4SEC Meeting 11/17/2010

There is a NYC4SEC meeting tonight (11/17/2010). This month our speaker is Professor Nasir Memon who will be giving a presentation on digital image forensics. Description below:

Photo Forensics: There is More to a Picture Than Meets the Eye

When presented with a device full of active or deleted data – what do you know about the images? Can you recover them all? Can you tell which camera they are taken with? Can you tell if they are manipulated? Can you find from the Internet all other pictures taken from the same camera? Forensics professionals all over the world are increasingly encountering such questions.

Given the ease by which digital images can be created, altered, and manipulated with no obvious traces, digital image forensics has emerged as a research field with important implications for ensuring digital image credibility. This presentation provides an overview of recent developments in the field, focusing on three problems.

First, collecting image evidence and reconstructing them from fragments, with or without missing pieces. This involves sophisticated file carving technology.

Second, attributing the image to a source, be it a camera, a scanner, or a graphically generated picture. The process entails associating the image with a class of sources with common characteristics (device model) or matching the image to an individual source device, for example a specific camera.

Third, attesting to the integrity of image data. This involves image forgery detection to determine whether an image has undergone modification or processing after being initially captured.

So please join us on Wednesday, November 17th, 7:00pm at John Jay College.

John Jay College - Forensic Computing Program and the Center for Cybercrime Studies
899 Tenth Avenue - btwn 58th & 59th
Room 610T - 6th Floor

Don't forget to RSVP!!!

Thanks to Douglas Brush, Joe Garcia, Prof Bilal Khan and Prof Douglas Salane for making this possible.

Upcoming NYC4SEC Meeting 10/27/2010

We have another NYC4SEC meetup next week on October 27th, 2010 7:00PM:

Halloween Edition - Are those knocks on your firewall doors for tricks or treats?

Either way you have to realize one of the largest threats to your environment is the human element and none other than super malware and security forensicator Lenny Zeltser will be giving us a special Halloween talk about how attackers can trick you or the people inside your organization to get access to treats. Ok, no more puns....

John Jay College has reached out and offered to host this and future events for NYC4SEC so lets spread the word and show them that the NYC cyber security community is strong in numbers and appreciate their support!


Lenny Zeltser - "Knock, Knock! How Attackers Use Social Engineering to Bypass Your Defenses"

Why bother breaking down the door if you can simply ask the person inside to let you in? Social engineering works, both during penetration testing and as part of real-world attacks. This talk explores how attackers are using social engineering to compromise defenses. It presents specific and concrete examples of how social engineering techniques succeeded at bypassing corporate security defenses. Lenny Zeltser will review how attackers have bypassed technological controls by making use of social engineering techniques. Attend this engaging talk to improve the relevance of your security awareness training and to adjust your defenses by revisiting your perspective of the threat landscape.

John Jay College - Forensic Computing Program and the Center for Cybercrime Studies
899 Tenth Avenue - btwn 58th & 59th
Room 610T - 6th Floor

More details and RSVP here:

NYC4SEC RSVP

Thanks to Douglas Brush, Joe Garcia, Prof Bilal Khan and Prof Douglas Salane for making this possible.

Upcoming NYC4SEC Meeting 9/16/10

The next NYC4SEC meeting will take place on September 16, 2010 at 7:00PM at Pace University. Details:

Grab your TrapperKeepers (I'm rockin' the red Lambo), your Saved By the Bell book covers and Garbage Pail Kids cards to stick on the inside of your locker because it's back to school time.

Pace University is our gracious host and our speaker will be Ovie Carroll who will be in town teaching a SANS Forensics 408: Computer Forensic Essentials Course here in NYC and offered to stop by after a day of training to meet our group.

If you would like to attend the 408 course Ovie has provided a special offer for a class discount! Use "COINS-OC" to get 10% off and to make sure to get into class! http://www.sans.org/new-york-forensics-2010-cs/description.php?tid=4207

More details to follow on specific room location for the NYC4SEC Meet-up but please get your parents to sign off on your NYC4SEC permission slips for Thursday, September 16th @ 7pm

Thanks to Douglas Brush and Joe Garcia for arranging this event.

More details can be found here: http://www.nyc4sec.info/calendar/14520625/

The Next HOPE and NYC4SEC

We will have another NYC4SEC meetup after Chris Pogue's talk on Sniper Forensics at The Next HOPE. You can RSVP here. Details:

This is the NYC4SEC after HOPE Meet-up for Sunday, July 18th at 6pm at Stout NYC on 33rd St. (btwn 6th & 7th) – just across the street from the Hotel Pennsylvania.

Informal meet up to hang out and mingle to talk about the highlights of the HOPE conference.

I spoke with Chris Pogue who will be presenting at the conference on Sunday at 4pm - Sniper Forensics - Changing the Landscape of Modern Forensics and Incident Response and he said he will stop by to join us. Checkout Chris’s on his blog: http://thedigitalstandard.blogspot.com/

C’mon by to drink, talk and hang with others in the NYC InFosec community!

Thanks to Douglas Brush for setting this up ;-)