Monday, August 15, 2011

Musings and Reading Notes

If you know me personally you know I am caught between two worlds. I work in a technology field that requires I know a lot of various hardware and software. At the same time, I like reading a real book in my leather chair with a Scotch poured neat and enjoy a fine cigar from time to time. Real books provide me a feel and comfort not afforded by electronic versions.

That said, however, I do for the most part read books related to forensics and technology on my iPad with the Kindle app. It gives me access to a lot of information and reference in a small package wherever I am.

I am currently actively reading or rereading 3 such books. My method of "reading" was cultivated years ago from the book, "How to Read a Book" by Mortimer J. Adler and Charles Van Doren. I have managed to "import" most of this method into Kindle reading. It is a book I would recommend for everyone who reads or wants to read seriously and deeply.

One of my current project books is "Perl Scripting for Windows Security" written by Harlan Carvey of blogging fame. I use Perl frequently for scripting and to write ProScripts to use with ProDiscover. Having used Perl for some time, I am always looking for ideas and inspiration on HOW and WHEN to use it, not just how to write it. This book certainly fits that niche. Part II on Perl Scripting and Computer Forensic Analysis certainly fit the bill for what I need day to day, and I have experimented and learned some new things with SAMParse, and I was surprised to see ProScripts mentioned in the book as well. This is a book I will use as a reference for a long time. I suggest it to anyone with a good grounding in Perl who wants to get unchained from or add to their commercial software. If you are a ProDiscover user it should be a part of your library because ProScripts can take your ProDiscover usage nuclear.

Harlan gets another nod, albeit secondary to Cory Altheide, for Digital Forensics with Open Source Tools. I made the "mistake" of reading an impression of this book this morning over at TaoSecurity and I'll try not to repeat it from familiarity. This book certainly fits the bill for unchained forensics. I am in my third reading, and my deepest practical work-through of the book. I have to say I find it not for the faint of heart. If you do not want to get dirty with Linux and Open Source this isn't for you. It's not, in my opinion, a book you can read through and pick up a few things that might interest you. This is a practical usage book that begs for practice and experimentation. I had some difficulties with the jumps it made, just like Richard, and I had to overcome the different paths my version of Ubuntu used from the book. That in itself was a great learning experience, but it set me up for a great ride through the rest of the book. I plan on a post in a couple of weeks to go through some of the examples and how I practiced and implemented them.

This past week I had the opportunity to implement RegRipper for real after practicing, benchmarking and testing it for a while. I was working on a case where one of the underpinnings was showing the use of an external HD and a data CD written on a certain date when we knew a data theft had probably occurred. I had the registry viewer in ProDiscover, but time was against me since the legal firm wanted to file a quick motion. Using RegRipper, I found the data I needed very fast and accurately, which would have taken me many hours maybe parsing the data by hand. RegRipper allowed me to see Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder which showed last write time and MRUListEx with last write date on the day the employee left the company. Two of the items listed were a drive E: and a disk whose label was the date the theft had taken place. This enabled me to target the investigation and proceed with the knowledge the incident had probably taken place as believed and artifacts did exist. I have a lot of work to do yet with RegRipper before I understand its power and capabilities, but right now it certainly performs as a great triage tool.

On a last personal note, I have to pass along my prideful boasting on a couple of my children. Victoria just released her first EP of music she wrote, produced by Grey Revell. It is on SoundCloud. A great accomplishment to have before your 15th birthday. Another daughter, Dorothy, competed this weekend in the Harmon Classics Hunter Jumper show at Latta Equestrian Center. She has won many ribbons before but this day got off to a rocky start. In her first event, her horse balked and stopped at the second fence, throwing Dorothy over head to the ground. She got up and dusted herself off and walked the horse back out. On the second event the horse refused to jump again and she was excused from the event. Most 12 year olds would have just quit, but Dorothy "talked" to the horse and on the next 5 events made it jump. She placed in all 5 and in the last event won the Blue. Quite a growing up experience. I was infinitely more proud than I would be if she had won all her events. There's my bragging for the month.


  1. We are a not-for-profit educational organization, founded by Mortimer Adler and we have recently made an exciting discovery--three years after writing the wonderfully expanded third edition of How to Read a Book, Mortimer Adler and Charles Van Doren made a series of thirteen 14-minute videos--lively discussing the art of reading. The videos were produced by Encyclopaedia Britannica. For reasons unknown, sometime after their original publication, these videos were lost.

    Three hours with Mortimer Adler and Charles Van Doren, lively discussing the art of reading, on one DVD. A must for libraries and classroom teaching the art of reading.

    I cannot exaggerate how instructive these programs are--we are so sure that you will agree, if you are not completely satisfied, we will refund your donation.

    Please go here to see a clip and learn more:

    ISBN: 978-1-61535-311-8

    Thank you,

    Max Weismann
