Blog

Happy New Year from the Case Leads team!

In this first Case Leads of the year several organizations have been hacked, a man gets a new trial because of a computer virus and Windows 8 will have a reset button. Several tools have been updated and introduced and some good reads along with a little levity and training/conferences as well as call for papers.

If you have an item you'd like to contribute to Digital Forensics Case Leads, please send it to caseleads@sans.org.

Tools:

• MD5deep and hashdeep version 4.0.0 has just been released. Some features were added as well as rewriting parts of the programs in C++. You can read more about it here.
• NSRL Query Tool has been released which will allow the NSRL hash sets to be used more easily. You can read more here.
• Harlan Carvey has posted his Jump List Parser code on Google code, you can read more about it here.
• From Drexel University,2 new tools that deal inStylometry, the study of linguistic style. One helps identify the author of a document and the other helps the author avoid detection.

Good Reads:

• Using Mandiants Readline & OpenIOC to build Effective Indicators.
• Giving back to the community from Harlan Carvey
• Upchuck Hour, talking about Stratfor's Data Breach by Sharon D. Nelson Esq.

News:

• The Trojan defense gets a whole new meaning. A convicted murderer gets a new trial after the transcripts for the first trial after they were destroyed by a virus that was on the computer, the computer had the only copy of the transcripts of the trial.
• Windows 8 will allow the users to do a factory reset to the data.
• Stratfor Global Hack

• Hackers breach their website.
• Data released.
• Cleaning it Up.
• Hackers threaten to release source code for Symantec's Norton Antivirus

• AntiSec hacks 2 Law Enforcement Associations, one in New York and the other in California.

Levity:

• Dilbert - Pick the email defense/
• BOFH - Gift giving.
• Microsoft reboots it Flight Simulator and will be giving it away free

Coming Events:

• SANS Security East 2012-New Orleans, LA - January 17th - 26th, 2011
• InfraGard Arizona "Social Engineering" Event: AGENT SADDAM, An Inside Look at FBI Special Agent George Piro's Interrogation of Saddam Hussein - Phoenix Arizona -January 23rd at 6-9PM
• North American SCADA 2012- Lake Buena Vista, FL -January 21 - 29, 2012
• DoD Cyber Crime Conference 2012- Atlanta, Ga -January 20th - 27th, 2012
• SANS Monterey 2012-Monterey, California - January 30th - February 4th, 2012
• SANS Phoenix 2012-Phoenix, Arizona -February 13 - 18, 2012
• RSA Conference 2012-San Francisco, CA -February 26 - 27, 2012
• SANS Secure Singapore 2012-Singapore, Singapore -March 05 - 17, 2012
• Mobile Device Security Summit- Nashville, TN -March 12 - 15, 2012
• 12th Annual CanSecWest Conference-Vancouver, British Columbia, Canada - March 9 - 11, 2012
• SANS 2012-Orlando, Florida -March 23 - 30, 2012
• Euro Forensic 2012-Istanbul, Turkey - March 29 - 31, 2012
• SANS Northern Virginia 2012, Reston, VA - April 15 - 20, 2012 -
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '12) - San Jose, CA - April 24th, 2012
• SANS AppSec 2012: Summit & Training-Las Vegas, NV - April 24 - May 2, 2012

Call For Papers:

• SANS DFIR Summit - Jan 15, 2011
• 2012 Conference on Digital Forensics, Security and Law- Due Date - Jan 31, 2012
• 14th Information Hiding Conference- Due Date - Feb 05, 2012
• 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats(LEET '12)- Due Date - Feb 13, 2012
• ARES Conference- Due Date - Mar 01, 2012
• Symposium On Usable Privacy and Security- Due Date - Mar 09, 2012
• European Symposium on Research in Computer Security (ESORICS) 2012- Due Date - Mar 31, 2012

Digital Forensics Case Leads is a (mostly) weekly publication of the week's news and events relating to digital forensics. If you have an item you'd like to share, please send it to caseleads@sans.org.

Digital Forensics Case Leads for 20120106c was compiled by Mark McKinnon GCFA, CCE is Principal of RedWolf Computer Forensics where he has written many tools that are used throughout the Computer Forensic Community. You can follow Mark on twitter @markmckinnon.