I recently determined the format for timestamps indicating when VMware Snapshots were initially created, as logged in the *.vmsd file.
Tag: forensic
Crosspost: SANS Network Forensics (FOR558) in Arlington, VA
Now that the holidays are over, it’s time to re-focus on challenges ahead. That includes training to help you to successfully tackle those tasks ahead in the new year. It’s an ideal time to join Phil Hagen in Arlington, VA for FOR558: Network Forensics. This course has been in high demand, and now you’ll be…
SANS360 Presentation: December 13, 2011
Update Dec 15, 2011: Updated to reflect that archive video/presentation is available. I’m honored to be presenting at the SANS360 Event on December 13, 2011. There are ten speakers allotted 360 seconds each – just six minutes – to present something interesting from their 2011 work in Digital Forensics and Incident Response. My presentation is…
SQL Ginsu
This year, I was selected as a “SANS @Night” presenter at SANSFIRE 2011, in Washington DC. The SANS Institute (System Administration and Network Security) is the largest provider for information security training and security certification in the world. My presentation, entitled “SQL Ginsu: Better Living (and Data Reduction) Through Databases”, focused on how a digital…
How Long Will That Image Take?
Acquiring forensic images can be one of the most dreaded steps in most analysts’ processes. It’s documentation-heavy, not terribly interesting to watch, and thanks to the ever-increasing size of commercial hard drives, it can take a LONG time. Thanks to the unrealistic portrayals of this process in movies and TV shows, it’s not uncommon for…