A lot of times I'll see a question in DFIR-related social media, along the lines of, "what is the best tool to do XI was recently searching online for a tire inflator. I live on a farm, and have a couple of tractors, a truck, and a horse trailer. I don't need a fully-functional air compressor, but I do need something portable and manageable for inflating tires, something both my wife and I can use not only around the farm, but also when we're on the road. As I began looking around at product reviews, I also started seeing those "best of" lists, where someone (marketing firm, editorial board, etc.) compiled a list of what they determined to be the "best" available of a particular product.
Understand that I have a pretty good idea of what I'm looking for, particularly with respect to features. I'm looking for something that can plug into the cigarette lighter in the truck or car, or to another power source, such as "house power" or a portable generator. I'm looking for something that can fill a tire to at least 100 psi (some tires go to 12 psi, others 90 psi), but I'm not super-concerned about the speed; my primary focus is ease of use, and durability. Being able to set the desired pressure and have it auto-stop would be very useful, but it's not a show-stopper.
Some of the inflators listed as "best" had to be connected directly to the vehicle battery. Yeah, I know...right? Not particularly convenient if my wife needs to add pressure to a tire, particularly when plugging into the cigarette lighter is much more convenient. I mean, really...how "convenient" is it to pull over to the side of the road, and have someone who hasn't used jumper cables to jump-start another vehicle connect an inflator to battery terminals? Some inflators not listed as "best" were considered to be "too expensive" (although no threshold for cost was provided as a basis for testing), and looking a bit more closely, those inflators allowed the user to connect to different power sources. Okay, so that sort of makes sense, but rather than say that the product is "too expensive", maybe list why. Another was described as "too heavy", although it weighed just 5 lbs (as opposed to the "best", which came in at just over 3 lbs).
Bringing this back to #DFIR, I ran across this article the other day, which reportedly provides a list of the "top 10 digital forensics consulting/services companies". A list of the companies is provided on the page, with a brief description of what each company does, but what really stood out for me is that the list is compiled by "a distinguished panel of prominent marketing specialists". This, of course, begs the question as to the criteria used to determine which companies were reviewed, and of those, which made the top 10.
In 2012, I attended a conference presentation where the speaker made comments about various tools, including RegRipper. One comment was, "RegRipper doesn't detect...", and that wasn't necessarily true. RegRipper was released in 2008 with the intention of being a community-driven tool. However, only a few have stepped up over the years to write and contribute plugins. RegRipper is capable of detecting a great deal (null bytes in key/value names, RLO char, etc.), and if your installation of RegRipper "doesn't detect" something, it's likely that (a) you haven't written the plugin, or (b) you haven't asked someone for help writing the plugin.
During that same presentation, the statement was made that "RegRipper does not scale to the enterprise". This is true. It is also true that it was never designed to do so. The use case for which RegRipper was written is still in active use today.
My point is simply this..."best" is relative. If you're asking the question (i.e., "..what is the best #DFIR tool to do X?"), then understand that, if you don't share your requirements, what you're going to get back is what's best for the respondent, if anything. No one wants to write an encyclopedia of all of the different approaches, and available tools. Although, I'm sure someone will be happy to link you to one. ;-)
When you're considering the best "tool", take a look at the process, and maybe consider the best approach. Sometimes it's not about the tool. Also, consider the what it is you're trying to accomplish (your goals), as well as other considerations, such as operating or file system, etc. If you're not comfortable with the command line, or would perhaps like to consider a GUI solution (because doing so makes for a good screen capture in a report), or if you require the use of a commercial (vs FOSS...some do) tool, be sure to take those details into consideration, and if you're asking a question online, share them, as well.
2 comments:
I too am a DFIR professional, and struggled with this EXACT same problem just a month go. We have an acreage, horses, etc. I needed a cost effective way to top off air pressure in the tires and airbags of my 1 ton dually that we use to haul horses camping, so I can drink whiskey while kicking bad people out of networks they shouldn't be in, from the comfort of my campsite bonfire. Anyway, I digress. The point is, I ended up settling on a Stanley Fat Max 1000 Power Station. When we're at home it sits in the garage charging. When we travel I grab it and toss it in the truck. Never had to plug it in while away, it seems to hold a charge really well. We use the onboard air compressor to top off tires and airbag to just the right pressure (it has auto shut off). It was cheap, and I was concerned it would be too cheap, but so far so good. My wife and I both love it. What did you end up settling on?
Ray,
While I greatly appreciate you taking the time to read my article and comment, the article was not about air compressors. If you send me an email address or Twitter handle, I'll gladly follow up with you via that medium.
Thanks!
Post a Comment