This year, I was selected as a “SANS @Night” presenter at SANSFIRE 2011, in Washington DC.  The SANS Institute (System Administration and Network Security) is the largest provider for information security training and security certification in the world.

My presentation, entitled “SQL Ginsu: Better Living (and Data Reduction) Through Databases”, focused on how a digital forensicator can use an SQL database as a tool to increase their analytic effectiveness.  This skill is even more important today, as we are faced with ever-growing volumes of data from more and more sources during investigations.

It was a lot of fun to put the material and examples together, and I appreciate the opportunity to have spoken at SANSFIRE this year.  Click through to find the presentation as well as two Python scripts used to populate the databases in the two examples we covered.  I hope that you found the presentation useful.  Thanks to all those who attended, and to SANS for the opportunity to speak.

Python scripts (remove the “.txt” extension):
