Thursday, December 22, 2005


Posts have been sporadic, and not nearly as frequent as before...I know. That'll change.

For now, though, I've got a question for the that you can really help me with. Just about every month, I run across someone (usually online) who says, "I wish I knew more about this...". In the past, it was things like NTFS alternate data streams. More recently, it's been USB device artifacts in the Registry. The thing is, regardless of the topic, I will do a simple Google search and turn up some pretty good resources (if it's stuff I've done, I cheat a little and just send them the link).

So, my question is do you make things more visible? Take information as an example. You write an article about something that may be very useful to a group of people. You get the article published in a magazine or journal that caters to that group of people. However, not everyone in that group gets the journal.

Things I've tried include presenting at conferences (and in the case of my book, giving away free copies after the presentation), writing articles, posting to online forums, talking to people, etc. Now, I'm not saying that that's all that can be done, or that I've done any of those things enough. What I am asking is, what are some things that I can do to market stuff I've done...not just books, but code and any other information that I develop/produce.

Thanks...thoughts and especially solutions are appreciated.


Anonymous said...

This might seem obvious but I think this blog is a great place to share information. Especially relavent links to other stuff you might have already done. I came across it by goggling for "windows incident response blog" and you're the number one result.

H. Carvey said...

You're right...this is one location I use for visibility. But it's only one, and there are folks out there whom I've talked to that simply don't check blogs.

Anonymous said...

Instruct the questioner to be more resourceful? Sorry, but your post has hit a nerve, and you even answered it in posing your question. More and more it seems people want the quick answer spoon fed to them NOW, instead of spending time in the learning process via a few minutes with their search engine of choice.

Over the years I have seen more and more of this in newsgroups where questions are posted that could easily be answered with just a little bit of research. And the questioner then takes offense when instructed to do a bit of research before posting the question.

As far as how do you get more visibility, your blog is the first place, and probably the best. As mentioned, it is ranked highly via Google with the phrase "windows incident response blog". Even Googling for "windows incident response" (the blog left out) returned it as the first hit.

Give a man a fish, feed him for a day...

Anonymous said...

Well, I am always creating two articles about topic - one is simple to understand, with lot of screenshots etc. Second is more to depth, with explained technology.

When someone asks question on forum that is related to that article, I send him link to simple article - if he is interested, I will provide him with link for professional article.

And it works quite well - after few months (depends on topic) I see changes in discussion. I used this method with ADS, WMIC or LUA...


H. Carvey said...


As much as I agree with the sentiment of your comment, I'm not sure that I see the context.

Specifically, what is "Instruct the questioner to be more resourceful?" all about, and was hitting a nerve a good thing? ;-)

Like you, I've seen over the years how people will post questions to lists, when their answer could have been easily found with a rudimentary Google fact, in most cases, using key words from the original post turns up quite a don't need to be Johnny Long or a Google hacking expert.

I think that the benefit, and the curse, of the Internet is that the information you want is probably out there. The "curse" is that it's not all in one place, and not all of it is necessarily credible. This is especially true for the forensic analysis community.

Anonymous said...


What I meant by 'being resourceful' was by encouraging/instructing others to invest a little time of their own in at least doing initial research to support/encourage a learning process rather than a quick answer.

And, yes, 'hitting a nerve' is a good thing.

H. Carvey said...


In light of your comments, did you mean to respond to the "Nintendo forensics" post above?

And with regards to folks doing a little research...I doubt that that's something that's going to change, really.

Anonymous said...

No, it was in response to your previous reply in regards to clarifying my answer of "Instruct the questioner to be more resourceful".

Humans will often take the easy route for quick satisfaction as opposed to the longer, more time-consuming, yet potentially more rewarding path.