Wednesday, January 18, 2012

Forensic4cast 2012 - Kristinn Gudjonsson & log2timeline

Okay, folks, it's that time of year again. Yes, it's time for the Forensic4cast awards. Eric Huber beat me to it, which could cost me my fanboy status. However, I gave a link to the Awards, so maybe that'll help. :)

Anyway, here's the point: Nominate Kristinn Gudjonsson and log2timeline. For what, though? Well, I'm with Eric on this - Kristinn for Examiner of the Year, and l2t for Forensic Software of the Year. The software wasn't initially developed this year, we all know that, but it has been under constant development, and I think that counts. Anyway, he didn't get the recognition he deserves last year (IMO), so let's get all the l2t fans together and get him in there!

First thing is to nominate, then remember to vote! Be sure to nominate and vote for others as well. There are several categories, so have at 'em. Best Organization (CDFS), Best Blog [cough]this one[/cough], Best Article [cough]Dropbox Forensics[/cough], and so on. Jokes aside, I think the CDFS has a good chance to make a difference in our field, and its leaders have been working very hard to do just that. Be a part, get involved, and also - nominate and vote!

That's all for now.

Update - Just to add another worthwhile one into the mix, even though it is (gasp, aargh) in the same category... RegistryDecoder by Andrew Case and Lodovico Marziale at Digital Forensic Solutions. I've used RegDecoder, and I like it. Easy to use, very useful, does a great job automating registry parsing from an image, multiple extracted files, mounted image set, etc. It will even run against a live system, although I haven't used it that way. You can do keyword searches, build a timeline, and much more. So that should go for Forensic Software of the Year as well. I hate to have to suggest a competitor to l2t, but RD's very good as well. And, competition makes us all better, right?

PS: While you're at it, go vote for RegDecoder on Toolsmith, open until 31 Jan 2012!