Every now and again, I poke my head up for a breath of fresh air and a look around...and I wonder if others face the same issues and challenges I do. For example, knowing where to look during forensic analysis for information relevant to the case at hand.
So, my question to all of you out there is this...what issues do you face? What things do you see, need more information/documentation about? What are the things during a case (or just after you've completed one) that leave you wondering? What are those things that would make great research projects?
Sometimes, those things you are wondering about may already have been solved, addressed, or encountered by someone else.
Please feel free to post a comment here, or email me directly...whichever works. If you email me, I might post your idea, but I won't use your name without your consent.
Addendum 28 Sept: Well, I've received a single email so far in response to this post, and the ideas are (a) case studies, and (b) challenges. I'll see what I can do about posting both, but I'm sure that it would be extremely beneficial to hear from others.
Besides the usual suspects that provide forensic challenges (i.e., HoneyNet, DFRWS), there are others available. Try TigerTools (the page has links to three different challenges: Feb, March, and July). I'm sure there are others...
Hi Harlan. What I'd like to learn more about is your approach and techniques for reverse engineering file formats. You talk about it, and have some nice tools as a result. I have some other file formats I'd like to investigate and be able to parse in a machine independent way. Any pointers? Do you use any special tools besides a hex editor? Ever looked at the "fret" project on Sourceforge? How about if the format doesn't seem to be documented at all?
I'm attending the DOD CyberCrime conference in January and will look forward to meeting you there. It's a great week!
Thanks.
Hi, and thanks for the comment. I'd love to share some of what you ask about with you, but I have no idea who you are or how to contact you...
I'll drop you an email offline. I think the subject would be of interest to a lot of people here. Seems like a great chapter for a book too! ;-)