Thursday, April 01, 2010

Security and Forensics Roundup: Heavy Version #7

Oh my.  I may have bitten off more than I can chew with this load of links.  I’m having a challenging time breaking them all down into meaningful chunks!

Incident Response

  • The Tiger and the Ghost – Nice and reflective thoughts on the changing landscape of incident preparedness from Hogfly over at the Forensic Incident Response blog.

  • Verizon Incident Metrics Framework Released – Verizon has published a framework for categorizing incidents and the elements that comprise them.  It is one of many such frameworks out there, but it may still provide some additional ideas for conceptualizing incident events and help guide you as you form the narratives that analyze and summarize them for your audiences. Spotted via the TaoSecurity blog.

  • DarkReading Evil Bytes blogger John Sawyer has posted a trilogy of articles on incident response and on the role of drive imaging in that response: Adding Forensic Imaging To Your Standard IR Process, Using Hard-Drive Imaging In Forensics, and Drive Imaging Using Software Write Blocking. Together they provide an updated refresher on these topics and are good for a quick review, particularly for the unfamiliar.

  • Responding to Incidents – Windows Incident Response blog.  Coming in at the anchor position is a great post by Harlan covering all the major points and issues on why establishing and executing an organizational incident response plan for the IT shop is critical. If you don’t have one, it’s long past time to start building and implementing one.  Failure to do so comes with great peril.

Timeline Merry-go-Round

Having some time ago been faced with the challenge of preparing a digestible incident timeline for a Windows system, I am now paying even closer attention to timeline issues.  Like many, I had reams of data, much of it valuable. However, the real challenge wasn’t so much the capture and spin-out of the information; it was presenting the findings in an objective manner that successfully and accurately told a story to management and non-IT consultants.  What was of value to me in understanding the sequence of events was less valuable to those who wanted the big picture and the major plot points.  It ended up being as much the art of communication as the art of examination.

It’s all about Analysis

  • Flock shepherds in a Life of Grime – Forensics from the Sausage Factory blog.  In this installment we find DC1743 encountering the Flock browser, a fancified version of Firefox geared to the social media experience.

Tools and Toys

Miscellanea: Don’t count out the value of small things…


--Claus V.
