CEIC 2015 is Over
This year’s CEIC is over. After a long and relaxing holiday
weekend, it feels almost like it was months ago. I really enjoy being involved
with CEIC every year because it gives me a chance to catch up with old friends
and meet new ones. The real reason (at least the one we tell our bosses) we all
go to CEIC is for the great sessions. There were so many of them this year that
I wish I could have cloned myself to see them all. To make it a bit more
difficult, CEIC is not just a training conference for me since I am part of the
team putting it on. I wanted to put down some of my experiences from this year.
The most rewarding thing to me during the entire conference
is to hear from past students about their success in completing the EnCE
certification. The only way to achieve that cert is by dedication and
perseverance. I get thanks from them for teaching classes they attended, but I
didn’t take the test. Their excitement and enthusiasm are infectious and I love
it! Congratulations to everyone who passed the 1st phase during
CEIC, and good luck on the 2nd.
If you didn’t get to attend CEIC this year, you missed a
good one. Try again for next year, and I think you will be well rewarded.
Some Sessions
Because I am part of the setup and operations of CEIC, I am
not usually able to attend full sessions, but there are a few that I really
enjoyed that I wanted to give mention to.
Monday started off great hearing about new features in IEF
from Jamie McQuaid and Rob Maddox
of Magnet Forensics in Investigating a User’s Internet Activity across
Computers, Smartphones and Tablets. This team knows how to stay on top of
industry trends and to enhance their tools with a quick response. It is great
to know that Guidance has a partner dedicated to examiners like we are.
A must-see for me is Tracking the Use of USB Storage on
Windows 8 by Colin Cree. He has been researching
USB artifacts on Windows for many years, and somehow seems to find new
intricacies every year. No disappointment this year!
It’s a safe bet on
the SANS crew. I enjoyed APT Attacks Exposed: Network, Host, Memory and
Malware Analysis since you can never learn too much about how others
operate and think. It helps us all grow, and I am glad that Rob Lee, Anuj Soni, Chad Tilbury, and Jake Williams are sharing their
experiences.
I am a firm believer
in everyone learning to code as a skill. Mari DeGrazia and Ron Dormido laid out a great foundation
in Practical Python Forensics for those wanting to learn Python as their
language. Extra points since they showed how to integrate EnCase and Python!
Memory forensics has
become a huge source of information in all types of investigations, and Jamie Levy knows this better than most.
As a part of the Volatility team, she is an immense resource and shared it in Rootkits,
Exfil and APT: RAM Conquers All to help us all. I learned a lot about using
Volatility from this session. I also learned about her Twitter handle outside
of the session, but leave it to her to spread that.
My Sessions
I had a lot of fun
this year talking in my sessions. I talked about how you can expand EnScript
with .NET and Python code. It was exciting to me since everyone seemed to also
be excited about the possibilities. I also got a chance to speak with Matt McFadden
about EnCase Portable and the huge potential it has for examiners. Got to share
how I used Portable on a case to handle a location with 4 examiners and 60+
computers, and we were done before dinner! Talked to many after the session
that were excited about using it at home.
Deserved Recognition
Lastly, I wanted to
give some recognition for a couple people from the Guidance Software team that
really make CEIC the conference that it is. The entire Guidance team works really
hard for this event, but these two really make it shine.
There is a technical
team that I am part of every year, and it is managed by Jamey Tubbs from the training
division. He puts in a ton of hours, before many of you even register for CEIC,
in working with the event team, hotel technical staff, and our computer rental
vendor. Our conference is unique from many others because of the large-scale
labs with supplied computers, and it would not be the same without him.
Until you read from me again!
James Habben