Tuesday, January 01, 2008

First Post of '08

So, here it is...the first post of 2008 on my blog...what to say, what to say? I'm not a big fan of the "predictions" posts, pontificating on what's going to happen in the coming year. For the most part, who knows? Anything we do see in the media regarding data breaches is...well...tainted by the media, so we're not going to have any idea of the validity of what we're seeing.

Let's do some highlights...

From the perspective of this blog and the subject matter, the highlights for 2007 were the release of Windows Forensic Analysis in May, followed at the end of the year by the release of Perl Scripting for IT Security (the cover on Amazon says "IT", but the book on my bookshelf says "Windows"...it was published by Elsevier).

Another highlight, as it relates to the WFA book, is that Richard Bejtlich posted his Best Books Bejtlich Read in 2007, and ranked WFA #3! High praise, indeed, considering that Richard is a *BSD guy!

Goals I'd like to achieve in the coming year include:
  1. Finish development on Windows memory parsing tools (or at least progress along in the stages....)
  2. Finish development of a Windows Registry preprocessor (basically, extract the Registry hive files from an image and drop them into a "thresher", and the wheat gets separated from the chaff...)
  3. Include more Vista- and Windows 2008-specific data in #1 and #2 above
  4. Do more codification and documentation of frameworks and processes related to my day job; things like live response, CSIRP development, documentation of data extraction and analysis processes for Windows platforms, etc.

I think that's about enough, don't you? Keep the goals achievable...there's nothing like looking back over a year (or a customer engagement!!) and realizing that the goals were too grandiose and voluminous, and simply weren't reached.

If you've got some goals, thoughts or comments that relate to the subject matter of this blog, feel free to post a comment...and have a great 2008!

Addendum:
Andrew Hay's Predictions for '08

6 comments:

Anonymous said...

I searched for the table of contents of your new book "Perl Scripting for IT Security" and didn't find it.
Can you put the table of contents here, and more details about this book?

thx

H. Carvey said...

I searched for the table of contents of your new book "Perl Scripting for IT Security" and didn't find it.

Didn't find what?

Anonymous said...

I searched for the table of contents of your new book "Perl Scripting for IT Security" and didn't find it.

Didn't find what?

Didn't find the table of contents.
Can you give more details about the book, what it contains? For example, whether it covers writing Win32 hooks with Perl, whether this book is intended just for Windows or also discusses Linux, whether it's intended just for forensics, etc.
I really want to buy this book, but I want to know what it contains and for whom it is intended.

Th4nk$

H. Carvey said...

Can you give more details about the book...

Sure, I can see how the link to the Elsevier site can be misleading...well, it's flat out wrong, but what do you expect? Big publishers don't often listen to authors, especially after the book is out.

The book is in three sections...Incident Response, Forensics, and Monitoring. I wrote the first two sections. The book is specific to Windows, and covers a lot of the code that I included in my second book, Windows Forensic Analysis. The book assumes that you have some knowledge of Perl...for example, that you understand how to run command line tools and Perl scripts. All of the code is right there in the book, and it's also available for download.

I hope that helps...

Richard Bejtlich said...

Harlan,

I'm not sure if I mentioned this before, but one of the reasons your book ranked so highly was the tools you included on the DVD. They were very helpful in an investigation I ran last year.

H. Carvey said...

Richard,

I had no idea.

Can you mention which tools were of use? If so, can you provide feedback...what worked well, what could have been better?

Were there any tools that you could have used that were not on the DVD?

Thanks,

Harlan