Tuesday, June 30, 2009

How quickly we forget

Date: Thu, 8 Jan 2009 08:26:45 -0800 (PST)
From: Rob Lee
Reply-To: Rob Lee
Subject: Re: [GCFA] Compiling evidence boils down to a matter of time
To: Dave Hull
Cc: GCFA
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-496094974-1231432005=:13648"
Message-ID: <1401.13648.qm@web42107.mail.mud.yahoo.com>

Done. That takes care of Windows 7 and Windows Server 2008. Can you verify it can adjust all four timestamps or just a few of them? We can then add that to our list of known default programs. Also, can you document how it is used and what traces are left in its use?

What type of beer do you like and what is the next SANS conference you will be at?

--Rob

________________________________
From: Dave Hull
To: Rob Lee
Cc: GCFA
Sent: Thursday, January 8, 2009 11:11:17 AM
Subject: Re: [GCFA] [HTCC] Compiling evidence boils down to a matter of time

Interesting thread. Windows 7 and Windows Server 2008 ship with
Powershell. Powershell can be used to modify timestamps. See this
entry on my blog for more info:

http://trustedsignal.blogspot.com/search/label/timestamps

Where's my six pack? ;)

--
Dave Hull
Trusted Signal
CISSP, GCFA, GCIH, GREM, SSP-MPA, CHFI
Public key: http://trustedsignal.com/pubkey.txt
Fingerprint: 4B2B F3AD A9C2 B4E1 CBDF B86F D360 D00F C18D C71B

"Great minds discuss ideas; Average minds discuss events; Small minds
discuss people." -- Eleanor Roosevelt

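The thread above asks which of the four NTFS timestamps PowerShell can reach and what traces a change leaves. As an added example (not code from the thread or from either author), the function below uses only the three $STANDARD_INFORMATION timestamps that Get-Item exposes (CreationTime, LastWriteTime, LastAccessTime; the same three properties are writable on a FileInfo object) and flags values that look hand-set rather than file-system-set. The fourth timestamp, the MFT-entry-modified time, is not surfaced by Get-Item and is left out here; the path in the usage line is a constructed example.

```powershell
# Added example, not part of the original post: flag NTFS timestamps that
# look as if they were set by hand through the FileInfo properties.
# Assumption: $Path is a file on an NTFS volume. The fourth
# $STANDARD_INFORMATION timestamp (MFT entry modified) is not exposed
# by Get-Item, so it is not examined here.
function Test-TimestampAnomaly {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $now  = (Get-Date).ToUniversalTime()

    # The three timestamps PowerShell can read (and set) on a file.
    $stamps = [ordered]@{
        CreationTimeUtc   = $item.CreationTimeUtc
        LastWriteTimeUtc  = $item.LastWriteTimeUtc
        LastAccessTimeUtc = $item.LastAccessTimeUtc
    }

    $findings = @()
    foreach ($entry in $stamps.GetEnumerator()) {
        $name = $entry.Key
        $t    = [datetime]$entry.Value

        # NTFS keeps 100 ns ticks. A value written by the file system almost
        # never lands on an exact second; one typed in as a string does.
        if (($t.Ticks % 10000000) -eq 0) {
            $findings += "$name has zero sub-second ticks ($($t.ToString('o')))"
        }
        # A timestamp ahead of the clock cannot come from normal activity.
        if ($t -gt $now.AddMinutes(5)) {
            $findings += "$name is in the future ($($t.ToString('o')))"
        }
        # Anything before the NTFS epoch-era floor is worth a look too.
        if ($t.Year -lt 1980) {
            $findings += "$name is implausibly old ($($t.ToString('o')))"
        }
    }

    # Modified-before-created is legitimate for copied files (the copy keeps
    # LastWrite but gets a fresh CreationTime), so report it, do not condemn it.
    if ($item.LastWriteTimeUtc -lt $item.CreationTimeUtc) {
        $findings += 'LastWriteTimeUtc precedes CreationTimeUtc (copy, or edited creation time)'
    }

    [pscustomobject]@{
        Path     = $item.FullName
        Stamps   = $stamps
        Findings = $findings
        Suspect  = ($findings.Count -gt 0)
    }
}

# Usage (constructed example path):
# Test-TimestampAnomaly -Path 'C:\Windows\System32\notepad.exe' | Format-List
```

The zero-sub-second check produces false positives on its own: files extracted from ZIP archives or copied from FAT-formatted media carry 2-second DOS resolution, so treat a hit as a reason to pull the $FILE_NAME timestamps from the MFT record, which the FileInfo properties never touch, rather than as a verdict.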

Wednesday, June 24, 2009

From New School of Information Security to Incident Response

The SANS Forensics and Incident Response Summit is just around the corner. Judging by the agenda it's going to be the best event for forensics and IR professionals for 2009.

Of course, I'm biased. Rob Lee, SANS' lead author for the forensics track, invited me to be a panelist for the Summit several months ago. He posted a list of questions that we should be prepared to answer during the incident response panel and gave us the option to come up with our own question based on the Summit's theme.

In a nutshell, the theme of the Summit is that over the last decade forensics and incident response have advanced greatly due to new tools and techniques. What are the new essential tools and methods that incident responders must have or use?

Again, I'm paraphrasing the theme.

From there, I'll be jumping back 100 years to look at a then emerging high tech field and some highlights (or rather low points) from its first 50 to 60 years, to see what lessons it might offer us and how those lessons relate to Adam Shostack's and Andrew Stewart's book, The New School of Information Security. Oh, and I've got five minutes to do it so I'm gonna talk fast.

Aside from those five minutes, the Summit is going to be filled with legends in the field(s) and I'm really looking forward to hearing what they have to say.

The Summit is in two weeks and it's going to be amazing. Here's the registration link. Come and join us.
