Monday, June 11, 2012
Let's Get This Party Started
About eight months ago I started a journey that has changed my skillsets and make choices to become more active in the DFIR community. It hasn’t been the easiest journey, but this roller coaster ride has been awesome.
On Tuesday June 12th I will be participating in my first webcast where I am the primary presenter. Being nervous does not go far enough to describe my current mental state. I am exhausted, running on fumes, and ready to crash hard, but all that is offset with the excitement of where this wild ride is taking me.
Over the course of the next three months, I will be presenting 3 different 1hr talks, and a quick 6 min talk. If I have not conquered my fear of public speaking by the end of August something is wrong.
In this talk I will take a look at the new FileHistory Services that Microsoft has released in Windows 8. I will discuss briefly what it is, how it’s configured, Artifacts created, and even release my first RegRipper Parser.
Windows 8 Forensics (pt 1 – Recovery Artifacts) at DFIR SUMMIT – PrincipalGroup10 to save 10%
In this talk I will look at the Recovery Options that are included in Windows 8, these are Restore Points, Refresh Points and System Reset. I will touch on how they are different, configurations artifacts that are created and the challenges that face forensic investigation regarding them.
In this talk I will look at the Backup and Storage Solutions that are included in Windows 8 and how they will impact investigation with the inclusion of Storage Spaces and Storage Pools, as well as more information on the File History Services.
While I know that I have no one to compete against with the Webcast on 6/12, I am up against some incredible Information Security professionals at both Summit and GFirst. The DFIR Summit is filled with some of the most talented researchers and professionals out there presenting on various Topics.
While the GFirst conference actually has a couple of Sessions at the same time as mine that I would love to attend. If you are in the Atlanta area, and interested in a Free top notch conference I would highly recommend this one.