I attended Basis Tech's OSDFCon recently...I've attended and presented at this conference in the past...and as has been the case in previous years, this turned out to be a great experience.
OSDFCon isn't so much a DFIR conference as it is a "tools and frameworks" conference, centered around the Autopsy toolkit. However, the folks who attend this conference are, for the most part, developers and DFIR practitioners. Many of the attendees are one or the other, while a number are both. This makes for a very interesting time.
Brian asked me to come by and, along with several other folks, give an update to a previous presentation. Last year, I talked about some updates I was considering/working on for RegRipper, and this time I gave a quick update on what I was looking at in the coming year. Based on that, my hope for next year's conference is to have something available to give a presentation, along with a demo, of what I talked about.
I really liked hearing about the new stuff in Volatility 2.5, as well as seeing the plugins that came out of the contest...and congrats to the contest winners!
Something I like about this particular conference is the type of folks that it brings together. Working on the types of cases I tend to work gives me a sort of myopic view of things, so it's good to meet up with others and hear about the kinds of cases they work, and the challenges they face.
Take-Aways
There are a lot of really smart people at this conference, and what I really like to see is frameworks and solutions to DFIR problems being created by DFIR practitioners, even if they are specific to those individual's needs.
Many of the solutions...whether it be Turbinia, or Autopsy, or Willi's tools, or whatever...provide an excellent means for data collection and presentation. I think we still have a challenge to overcome...data interpretation. Sure, we get now get data from an image or from across the enterprise much faster because we've put stuff in the cloud, or we've got a fast, multi-threaded design in our framework, and that's awesome. But what happens if that data is misunderstood and misinterpreted? This thought started to gel with me right after I registered for the conference and was talking to Christa about CyberTriage, and then during the conference, I made a comment to that effect to Cory...to which he responded, "Baby steps." He's right. But now that we can get to the data faster, the nex step is to make sure that we're getting the right data, and that it's being interpreted and understood correctly. Maybe the data interpretation phase is beyond the scope of a conference that's about open source tools...although there may be space for an open source tool that incorporates threat intelligence. Just sayin'...
Maybe I've just given myself the basis for a presentation next year. ;-)
Finally, a huge thanks to Brian and his staff for continuing to put on an excellent conference, in both format and content. In fact, I still believe that this is one of the better conferences available today. The format is great, requiring speakers to focus on the guts of what they want to convey, and the breaks allow for interaction not only with speakers but with other attendees, as well.
It was great to see you Harlan!
ReplyDeleteAgreed on the scope and content presented
This was my first OSDF con but it will certainly not be my last.
Harlan, thanks for the Cyber Triage mention. Our discussion validated an idea I'd been simmering on for some time, and I too walked away with some new ideas. I'm glad the conference was such a good experience for you, and look forward to seeing your presentation next year.
ReplyDelete@Christa and @David,
ReplyDeleteThanks for the comments.
@Christa, I'd be very interested in hearing the idea that you've had simmering.
I hope to see you both next year!
Harlan,
ReplyDeleteI was bummed I couldn't make it out this year. As you mentioned, I love that the talks are about 30 minutes, which, IMHO trims a lot of the fat from a presentation and keeps the audience engaged - I wish more conferences would do that!