Tuesday, June 26, 2012

Sans DFIR Summit 2012 - Slides

Today I was honored to present my first topic on Windows 8 Forensics at the SANS DFIR Summit in Austin. I want to thank Rob Lee and the entire SANS support staff for the encouragement for me to present and their dedication to putting on an incredible Speaker lineup.

Here is the slides and notes from my presentation, as well as a link to the research I have done previously on the Windows 8 Refresh. The data from the slides and presentation are current as of 6/24/2012. The Research paper may still need to be updated. 




What is coming next from me?

I am currently doing research on Storage Spaces that I hope to present to GFIRST in August. 

Windows 8 provides a new capability called Storage Spaces enabling just that. In a nutshell, Storage Spaces allow:
  • Organization of physical disks into storage pools, which can be easily expanded by simply adding disks. These disks can be connected either through USB, SATA (Serial ATA), or SAS (Serial Attached SCSI). A storage pool can be composed of heterogeneous physical disks – different sized physical disks accessible via different storage interconnects.
  • Usage of virtual disks (also known as spaces), which behave just like physical disks for all purposes. However, spaces also have powerful new capabilities associated with them such as thin provisioning (more about that later), as well as resiliency to failures of underlying physical media.

No comments:

Post a Comment