Tuesday, April 3, 2012

A Few Worthwhile Updates

Okay, so I just need to post a couple (or maybe a few) quick updates. These are important, at least to me. :)

First up is ... wait for it ... wait for it ...

Forensic4cast Awards! There are some great folks in here, all very well-deserving. I'm not about to tell you who to vote for, as political discussions can be touchy. Oh wait, this isn't politics, so I guess I'll go ahead and get dirty. ;)

Not really, except to say, vote for log2timeline in the "Computer Forensic Software Tool of the Year" section. L2T's a great tool that I use on a regular basis, probably every case I work. Hands down, it's just awesome!

If for whatever reason (maybe you don't like perl) you can't bring yourself to vote for L2T, then there's another offering I can support. That's Registry Decoder, in the same category. RD is another great utility (in python, for you perl-haters) that can do for the Windows registry what L2T does for the file-system - parses the heck out of it! This bad boy is also proving extremely useful to me.

Yes, it's true, I'm in a quandary, a conflict, a conundrum. Now, where's my lucky coin?

Now that I'm all neurotic about the choices to be made, I'll move on to the next part. Oh, but first ... GO VOTE!

My next topic is ForensicArtifacts. This is a community-driven site that has a very catchy name: ForensicArtifacts.com. What, you've never heard of it?! Well, shame on me if I haven't mentioned it before. ;-(

Taken from the About page, here's a description of the site:

"ForensicArtifacts.com was built to become a repository for useful information forensic examiners may need to reference during the course of their analysis. Requests for artifacts of system files, programs, and malware are very common to see on computer forensic mailing lists and forums. This site strives to take the place of those requests and become a one-stop shop when it comes to forensic artifacts.

This site was designed for the digital forensic community, but it also relies on the community to become stronger. Please consider submitting any artifacts you have documented that may be of use to other examiners. As an added incentive, Rob Lee and SANS have graciously offered up a SANS Lethal Forensicator Coin for anyone submitting six or more artifacts or IOCs in any given year. For more details on this, please read here."

This is important, because we need more community involvement. A site like this only benefits the community if the community uses it. And if you're using it, you should be contributing to it. I don't want to sound all legalistic, but you should contribute. This doesn't just mean to send in artifacts; you can post links, follow @4n6artifacts on twitter and retweet, and recently we've even talked about having a "suggestions box" so people can submit ideas for artifacts, and anyone who's interested (and has time) can do some research to share with the community.

When it boils down to the crux of the biscuit (just mixing up various metaphors), ForensicArtifacts needs you! Only you can provide artifacts. It's low pressure, no time-table, do it as you can, just write it up and submit it in the easy-to-follow form. It doesn't get much better than that! Basically, if you've found something in your work or research, even if it's perhaps incomplete, submit it.

We need your artifacts. We need your IOCs. And by "we" I mean the community as a whole, not just this site. When we all share the fruits of our labors, we all benefit. Pitch in! Recycle your artifacts and IOCs; it's good for the environment, and you get to make a difference!

Thanks!