Tuesday, April 14, 2009

Sans "WhatWorks in Forensics and Incident Response Summit" in July

The agenda is out and it looks to be a fantastic lineup of expert briefings and panels. The summit will be in Washington DC July 7 and 8, 2009. I was lucky enough to be chosen to be on the "Essential Forensic Tools" panel. With me on the panel are some of the big names in the Forensic/IR community, they are:

Jesse Kornblum who has made significant contributions with the free tools (MD5Deep, SSDeep, and Miss Identify and others) he has provided as well as the excellent papers he has written ("Using Every Part of the Buffalo in Windows Memory Analysis" and "Implementing BitLocker Drive Encryption for Forensic Analysis" as well as others), Jesse also has a blog that can be found here.

Troy Larson who is the Senior Forensic Investigator with Microsoft’s IT Security Group. Troy has presented my times at different conferences (Recovering Information from Deleted Security Event Logs, Vista Shadow Volume Forensic, etc.. and is a coauthor of the Handbook of Computer Crime Investigation: Forensic Tools and Technology.

and finally

Lance Mueller of the blog Computer Forensics, Malware Analysis and Digital Investigations. Lance has provide many enScripts on his blog to be used by all. I do not use Encase but I have learned many things by looking at the enScripts that Lance has developed, they have provided me insights into many areas of computer forensics.

I look forward to joining this panel of experts who have distinguished themselves in the field of Computer Forensics and Incident Response as well as meeting quite a few people who I have had the privilege of trading ideas and email's with.

As always Thoughts/Comments/Questions.........