Thank the interwebs for making what was once old new again. Earlier this week, denizens of the #DFIR hashtag on Twitter dredged up an old blog post from May 2014 about CEIC 2014.
At the risk of provoking the Streisand effect, I'd like to offer a contrasting perspective on what I can only describe as an emerging conspiracy theory. Let's walk while we talk (in case someone is listening...).
So many artifacts, so little time… Summer edition
EnCase is an extensible digital investigation platform. Simply put, extensibility reduces time and effort for the investigator. One way to validate this claim for yourself is to take a look at the depth and breadth of the ways EnCase can work with existing tools in your kit. For example: Do you already own Magnet Forensic's IEF? IEF and EnCase work together to reduce work for investigators. Have you considered how to integrate threat intelligence into your DFIR regimen? EnCase and Cisco Security (formerly ThreatGRID) collaborate to reduce IR time and effort. Let’s walk through a few ways extensibility works in your favor.
- Posted by: Miller
- On: 6/27/2014
- No comments
- Categories: Cisco Security, EnCase App Central, EnCase Forensic, EnScript, Image Analyzer, Internet Evidence Finder, Malware Analysis, ThreatGRID, VirusShare, WetStone
Working with EnScript and .NET/C#
The ability to manipulate and interpret data structures within evidence has long been a strength of EnCase. EnScript—a core EnCase technology—has enabled investigators and incident responders to be efficient, automating the most sophisticated or mind-numbingly rote techniques. For instance, take Simon Key's (@SimonDCKey) recent post on the OS X Quick Look Thumbnail Cache: the ability to mine, extract and work with critical data for your case is available now. This app, courtesy of Guidance Software Training, just happens to be free, enabling the DFIR community to take advantage. If you need to keep pace with the perpetually accelerating gap between data and the investigator’s ability to understand that data, having extensible, flexible tools in your kit is not optional.
- Posted by: Miller
- On: 6/13/2014
- No comments
- Categories: .NET, EnCase App Central, EnScript, Integration, Training
CEIC 2014: The Car of the Future May be a Forensic Gold Mine
Move over KITT, it looks like you have some competition.
Automotive leaders like Chrysler, Ford, BMW and General Motors are investing in technology that incorporates text-to-voice solutions, enabling drivers to check email and text messages as they drive. With Ford SYNC, drivers can make hands-free phone calls, control their music and more with voice commands.
In his session on vehicle forensics at CEIC 2014, Berla Corporation CEO Ben LeMere discussed new and emerging technologies that are being adopted by automobile companies. These companies are now developing vehicles that create an experience to entertain and inform drivers and passengers while also facilitating voice and data communications on the road.
Evidence Encryption in the Post-TrueCrypt Era
In the news last week, the anonymous developers of TrueCrypt very publicly announced the discontinuation of TrueCrypt development, and declared TrueCrypt "not secure." The vagaries and abruptness of the announcement have caused a disturbance in the interweb at large. A search on "TrueCrypt" yields no fewer than 27,000 hits categorized as "News."
TrueCrypt has been a double-edged sword for digital investigators. On one edge, TrueCrypt's wide availability means it has been used to hide data from the eyes of investigators. Full disk, container, and hidden container encryption have created "game over" situations for investigators for years. Attendees of Guidance Software's Training courses learn about common uses of TrueCrypt and practical techniques to deal with them, including use of EnCase with tools like Passware.
- Posted by: Siemens
- On: 6/06/2014
- No comments
- Categories: EnCase Evidence File, Encryption, TrueCrypt