Monday, July 25, 2011

Why another Digital Forensics Blog?

Unchained Forensics: not a hit song by the Righteous Brothers. My humble aim with this blog is to open a forum for getting examiners "unchained" from commercial forensics software: to express the freedom of doing forensics outside the push-a-button-and-wait-for-results world of canned tools, and to have the peace of mind that comes from knowing not only what you found, but why and how you found it.

In rereading Harlan Carvey's "Windows Registry Forensics", I was struck by his comment that "many analysts are consistently behind the power curve, learning from the bad guys...", a condition I believe results at least partially from waiting on your software vendor to ship the next upgrade with new tools. How about we develop the ability to write our own tools to tackle an issue before the vendor does? And to take it a step further, how about we practice, test, and PLAY to locate the weaknesses and develop our tools even faster and in a more targeted fashion?

Remember Clint Eastwood in "Heartbreak Ridge": "Adapt, Improvise and Overcome." That should be our motto as forensic examiners.

1 comment:

  1. > How about we develop the ability to write our own tools to tackle that issue before the vendor?

    The first step is to step outside the mindset of Nintendo forensics and not wait for your tool vendor to tell you how you're gonna go about doing your job.

    The next step does not involve learning to program; it involves engaging with fellow examiners to exchange questions and information about solutions. Chad Tilbury's recent blog post regarding Shellbags included the comment that he'd engaged with Rob Lee, who recommended an available solution rather than Chad creating his own from scratch. If you have no desire to learn to program, there's nothing wrong with that...what you will have to do, however, is engage with others and be willing to provide support to those who offer you solutions...and support can be as simple as a "thank you" or feedback.

    The bad guys have an economy that supports what they do...we'd be wise to take a page from their book.