Monday, July 25, 2011

Why another Digital Forensics Blog?

Unchained Forensics, not a hit song by the Righteous Brothers. My humble attempt in this blog is to discuss and set up a forum for getting examiners "unchained" from commercial forensics software: to express the need to feel the freedom of forensics outside of the button-pushing, wait-for-results world of canned forensics, and to have the peace of mind that comes from knowing not only what you found, but why and how.

In rereading Harlan Carvey's "Windows Registry Forensics", I was struck by his comment "many analysts are consistently behind the power curve, learning from the bad guys...", a condition I believe results at least partially from waiting on your software vendor to supply the next upgrade with new tools. How about we develop the ability to write our own tools to tackle that issue before the vendor? And to take it a step further, how about we practice, test, and PLAY to locate and find the weaknesses and develop our tools even faster and in a more targeted fashion?

Remember Clint Eastwood in "Heartbreak Ridge": "Adapt, Improvise and Overcome". That should be our motto as Forensic Examiners.