Comments on Windows Incident Response: Links and Updates

davnads (2012-08-03 01:24):

Thank you for the blog mention... glad to know you found part of one sentence interesting.

> I am also familiar with the reality of it.

What's the reality? The context of my entire sentence was parsing and reviewing timeline data. If you know of an efficient and effective CLI kung fu method, please share.

H. Carvey (2012-08-03 06:09):

> What's the reality?

From my perspective, the "reality" is that you're right.

The fact of the matter seems to be that no matter how useful a tool may be, if it's CLI, a great majority of the "community" won't be interested in using it...for the simple fact that it's CLI.

I've seen this a number of times. CLI tools seem to be a limiting factor for a lot of analysts.

I have a number of tools in my timeline analysis toolkit, but I've been told that there are too many, and they're all CLI. It doesn't matter that producing TLN output is only one of the formats that the tool can provide; nor does it matter that the tools have some built-in filtering capability to pull the analyst's attention to specific items. Most analysts tell me that they don't use them b/c they're CLI, and even seasoned analysts tell me that there are too many of them.

I've also seen people post to forums saying that they don't get into using SIFT b/c it's Linux, there are too many tools, etc.

So, I guess the point of my comment is that while I would *hope* that more analysts would use CLI tools where it is appropriate to do so, the *reality of it* is that this simply isn't the case...