SANS360 Presentation: December 13, 2011

Update Dec 15, 2011: Updated to reflect that archive video/presentation is available. I’m honored to be presenting at the SANS360 Event on December 13, 2011. There are ten speakers allotted 360 seconds each – just six minutes – to present something interesting from their 2011 work in Digital Forensics and Incident Response. My presentation is…


Ten. It’s just a number, isn’t it? The concept of “ten” may mean a little bit, or it may mean a lot. But at the end of the day, it’s still just a number. We need to provide some context in order to evoke scale and emotion. That context can make the number “ten” significant,…


SQL Ginsu

This year, I was selected as a “SANS @Night” presenter at SANSFIRE 2011, in Washington DC. The SANS Institute (System Administration and Network Security) is the largest provider for information security training and security certification in the world. My presentation, entitled “SQL Ginsu: Better Living (and Data Reduction) Through Databases”, focused on how a digital…

Comcast Sets Customers Up as Phishing Targets

Today I received an e-mail message from Comcast extolling the value of a (new?) service that will PROTECT ME™ from the INTERNET® and all its evil. I’ve included this little gem of a PR masterpiece below. Now don’t get me wrong, the threats presented by malware in general – botnets, phishing, scareware, credential thieves, etc,…

How Long Will That Image Take?

Acquiring forensic images can be one of the most dreaded steps in most analysts’ processes. It’s documentation-heavy, not terribly interesting to watch, and thanks to the ever-increasing size of commercial hard drives, it can take a LONG time. Thanks to the unrealistic portrayals of this process in movies and TV shows, it’s not uncommon for…

Ultimate procmail Recipe

The procmail utility filters e-mail as it’s received (generally on a UNIX-like server), rather than when you retrieve it with your e-mail client (such as OSX Mail, Mozilla Thunderbird, Microsoft Outlook, etc). As with most UNIX-based utilities, procmail is a very powerful tool for those that take the time to learn how it can be…