SANS recently posted a webcast I recorded on memory forensics. While the presentation is from early 2012, the concepts are solid and this deck was eventually expanded to the full day of memory forensics training present in the updated Forensics 508 course.
Archives For Forensic Blogs
Microsoft Trustworthy Computing recently released several installments in their Targeted Attacks Video Series. While the short videos are largely low-tech, the accompanying documents provide detailed mitigation strategies. Mike Pilkington wrote an excellent review of the 282-page Best Practices for Securing Active Directory document on the SANS Forensics blog. The Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques deck is also worth a read. Interestingly, Microsoft lists common mitigation techniques like “smart cards and multi-factor authentication” and “jump servers” as having only minimal effectiveness.
I had the good fortune to attend a High Tech Crime Investigation Association meeting in Singapore last week. Attendees were primarily from the Singapore business community and represented a good cross section of forensic disciplines. After giving a talk on Windows Shadow Copy forensics, I sat in on chapter business that included preparation for the annual HTCIA Asia Pacific conference in Hong Kong. I thought I would provide the details in case anyone will be nearby in December:
Fifth Annual HTCIA Asia Pacific Training Conference
December 5-7, 2011
Cliftons, Hong Kong
A Fistful of Dongles (AFoD) is an eclectic mix of all things digital forensic. Eric Huber is the primary author and is a talented analyst and knowledgeable resource. Eric’s law enforcement and corporate background provides excellent insight into current events within the forensic community. He clearly has a passion for the field and it shows in the entertaining posts. AFoD has quickly become a staple on my reading list.
Link: A Fistful of Dongles
UPDATE: A Fistful of Dongles was awarded the Forensic 4Cast Best Digital Forensics Blog for 2011. Congratulations Eric!