DFIROnline Meetup review

17 Jan 2012

Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both gave a couple of great presentations, and I just sat there and looked like an idiot. Oh and drank every time Harlan said Mullware, which meant my beer did not last until the end of his presentation! I will be posting the recording tomorrow or Saturday. This time round there was a lot more activity in the chat's, lots of heckling and a few good points made, I am not sure if this was just because we had more people, or because I promised not to record the chats. There were some useful links posted during the chats, and I have posted most of them below. Unfortunately I did miss a few of the early ones, so will track them down tomorrow.
Harlan's malware (mullware) list: http://windowsir.blogspot.com/p/malware.html
Mandiant blog on Malware persistence without using the registry: https://blog.mandiant.com/archives/1207
Richard Bejtlich's definition of APT : http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-wan...
http://www.washingtonpost.com/world/national-security/cybersecurity-sec-...

Update:
I have now posted the recordings on the DFIROnline page, I have cut these down to just include the presentation and presenters voice, if you want to see real people and join in the chat you will just have to attend the meetings ;-) One of really good things about the meetup was that we had the audience contributing to the discussion during the presentation, which is where most of the links have come from.
Listening to the recording I have found out just how bad my mic was, which is strange as it was the same mic I used last time when it appeared to work fine. Anyway I will have it sorted for the next meeting I promise.

The other links that I missed are:
Simple Phishing Toolkit: www.sptoolkit.com
How malware authors evade antivirus detection http://blog.webroot.com/2012/01/18/how-malware-authors-evade-antivirus-d...
Social Engineering Toolkit: www.secmaniac.com/download/
http://www.amazon.com/America-Vulnerable-Digital-Espionage-Warfare/dp/15...
A recommended AV tool (can't remember who recommended, sorry) http://www.threatfire.com

Finally it appears that Anonymous was aware that all the top people in the field were at the meetup, as they chose that time to attack the DOJ and Universal websites! http://www.pcmag.com/article2/0,2817,2399116,00.asp (well alright it was a few hours before the meetup, but I suspect they were just over enthusiastic and started a bit early ;-)

-----------------------

More from this section

Filegen - file generator for tool testing

One of my students is currently researching data recovery on solid state drives. Part of the

12 Apr 2013

Resources for learning python for forensics

This is just a small collection of some of the resources that are available if you are interested in learning python. It is not intended to be a comprehensive list of everything available, just enough to get you started. They are not listed in any particular order although I may have saved the best till last ;-)

11 Apr 2013

Updated filesystem cheat sheets

At PFIC last year I ran a workshop on the analysis of NTFS and handed out some cheat sheets I made for examining NTFS in a hex editor. I have been using these cheat sheets for ages and over

26 Aug 2012

4096 byte sector drives, NTFS and forensic tools

One of the topics that came up during Kevin Ripa's DFIROnline presentation was the concept of 4k sectors, or really sectors larger than 512 bytes. I have been aware of these

24 May 2012

New Website and a new resource

I have transferred to a new hosting provider and made a few upgrades to the website. The most

1 Mar 2012

DFIROnline Meetup review

Well the DFIROnline meetup went well tonight. The turn-up tripled from the first event, we had a max of 97 attendees at one point. Harlan and Eric both gave a couple of great presentations,

17 Jan 2012

Free non-forensic windows programs for forensics and thanks.

Over the past couple of days Harlan has been talking about people contributing to the DFIR

27 Dec 2011

The beauty of forms

I recently read the book the “Checklist Manifesto” by Atul Gawande In the book Atul describes how by creating and using checklists of common tasks that should be performed before, during and

10 Nov 2011

PFIC

I have spent the past few days at the PFIC conference in Utah, it was a blast, except for the

8 Nov 2011

What makes a good forensicator? or how to get a job in Digital Forensics

A common question those seeking to enter the field of digital forensics ask is what do I need to

4 Nov 2011