Questions about working in Forensics.

jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

I believe he disagrees, as do I, on the point that the Yahoo! Group mailing list in question is a credible resource.

You cannot have it both ways in an intelligent discourse. If you go down the path of nit-picking "undeniable proof", you must be able to sustain your "credible resource".

Live by the semantics, die by the semantics.

You disagree that I check the win4n6 mailing list? :)


keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

You disagree that I check the win4n6 mailing list? :)

Not at all…I do not agree that it's either "credible", or a "source". When I started the group, I wanted it to become a valuable resource, but what I found is that everyone has their own idea of "acceptable behavior" for such a list.

For example, it's become something of a repository for ads for DFRWS and SANS. Then there's the members who like to "Kanye" the list by posting off topic items.

jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
 

It's a matter of semantics, really. From my perspective, neither "beyond all reasonable doubt" nor "undeniable proof" are absolute, and are synonymous.

For NO apparent reason ;)
http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/0810/only-a-sith-deals-with-absolutes-motifakes-demotivational-poster-1225143426.jpg

jaclaz

 96hz
(@96hz)
Estimable Member
Joined: 17 years ago
Posts: 143
 

1. What tools do you use most often?

EnCase, XWays, FTK, Cygwin, Python, SQL server

2. What credible resources such as publications, forums, societies or Internet groups would you suggest to a new graduate?

There are a number of good books out there, I would recommend a graduate read
File System Forensic Analysis - Carrier,
Forensic Computing a Practitioners Guide - Sammes, Jenkinson
Windows Forensic Analysis - Carvey
EnCE Study Guide - Bunting (although tool specific)

3. What is the most rewarding aspect of your job?

Finding answers and getting it right; and helping others understand important technically complex issues.

4. What personality traits and academic background are important for today’s digital forensics investigators?

Smart, analytical problem solvers and investigators with a technical background and a high standard of communication skills (written and verbal).

Sometimes these are CS/engineering/technology graduates, but equally sometimes they are not.

5. Is it prudent to specialise in one or two tools/devices or be a “jack of all trades” investigator?

I think the answer is both. At the start of your career I think it is important to become a solid generalist, later specialising. That speciality will most probably come about based on where you work and who you work with, ie. filling a skills gap, or development of advanced skills that are particularly required by your job.

keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

Quick question

3. What is the most rewarding aspect of your job?

Finding answers and getting it right; and helping others understand important technically complex issues.

How do you know when you've "got it right"?

This question has puzzled me for a long while. For the most part, we all work in some modicum of isolation…we're either working alone, or on a small, isolated team. What I mean by that is that, as a community, we don't share findings.

About four years ago, I was doing some host-based analysis as part of an APT engagement, and found something fascinating. Due to the logging that had been enabled on the system I was analyzing, I was able to clearly see the malware being loaded via the DLL search order vulnerability. I was sure that I was right, because I had all of the data points…the system was Windows XP, so the file system was still recording last accessed times, including when DLLs were loaded into memory. However, when I tried to describe it to other team members, I just got blank stares…most didn't even know what the DLL search order vulnerability was.

I was sure that I was right, and thought it would be a great topic to blog about, but I was told to not say anything and not share it with anyone. A couple of weeks later, something very similar was posted to the Mandiant blog (written by Nick Harbor).

Beyond that kind of validation, how do we know that we're right?

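The post above describes recognising a DLL search-order hijack from last-accessed timestamps: on an XP image the application's executable and a same-named DLL sitting beside it are accessed within moments of each other, because the loader resolves the DLL from the application directory before System32. The following is an added example, not code from the thread or from any tool named in it, showing how that correlation can be scripted over a file-system timeline. The timeline lines, the `timestamp|path` format, and the list of "shadowable" DLL names are all constructed for illustration; a real check would take the DLL inventory from a known-good build of the same Windows version.

```python
"""Flag DLL search-order hijacking candidates in a last-accessed timeline.

Added example for illustration; the timeline format, the sample records
and the SHADOWABLE list below are assumptions, not data from any real case.
"""
from collections import namedtuple
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

Record = namedtuple("Record", "path atime")

# Assumption: DLL names that an executable's own directory can satisfy
# before the copy in System32 is reached (illustrative, not authoritative).
SHADOWABLE = {"ntshrui.dll", "version.dll", "dwmapi.dll", "uxtheme.dll"}


def parse_timeline(lines):
    """Parse constructed 'ISO-timestamp|path' lines into Record tuples.

    Blank lines and '#' comments are skipped. PureWindowsPath is used so
    the script runs on any host, not just Windows.
    """
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, path = line.split("|", 1)
        records.append(Record(PureWindowsPath(path), datetime.fromisoformat(ts)))
    return records


def find_hijack_candidates(records, shadowable=SHADOWABLE,
                           window=timedelta(seconds=5)):
    """Pair each .exe with a same-directory DLL of a shadowable name whose
    last-accessed time falls within `window` after the exe's own access.

    Returns sorted (exe_path, dll_path, seconds_after) tuples. A DLL in a
    directory with no executable (e.g. System32) is never flagged.
    """
    by_dir = {}
    for rec in records:
        by_dir.setdefault(str(rec.path.parent).lower(), []).append(rec)

    hits = []
    for dir_records in by_dir.values():
        exes = [r for r in dir_records if r.path.suffix.lower() == ".exe"]
        dlls = [r for r in dir_records if r.path.name.lower() in shadowable]
        for exe in exes:
            for dll in dlls:
                delta = dll.atime - exe.atime
                if timedelta(0) <= delta <= window:
                    hits.append((str(exe.path), str(dll.path), delta.total_seconds()))
    return sorted(hits)


# Constructed sample: last-accessed times as an XP image would record them.
# Only the Acme entry is a hit: the System32 copy of ntshrui.dll has no exe
# beside it, and Other\version.dll was touched 12 minutes after other.exe.
TIMELINE = """
2010-03-02T09:14:01|C:\\Program Files\\Acme\\acme.exe
2010-03-02T09:14:02|C:\\Program Files\\Acme\\ntshrui.dll
2010-03-02T09:14:03|C:\\WINDOWS\\system32\\ntshrui.dll
2010-03-02T11:40:00|C:\\Program Files\\Other\\other.exe
2010-03-02T11:52:00|C:\\Program Files\\Other\\version.dll
2010-03-02T12:00:00|C:\\Program Files\\Other\\readme.txt
""".splitlines()

if __name__ == "__main__":
    for exe, dll, secs in find_hijack_candidates(parse_timeline(TIMELINE)):
        print(f"{exe} loaded {dll} {secs:.0f}s after its own access")
```

Two caveats a practitioner would want with this. First, the correlation only works where the file system still records last-accessed times; the post's point that the system was XP matters, since from Vista onward NTFS last-access updates are disabled by default, so the same technique needs a different artifact (prefetch, event logs, or memory). Second, a same-directory DLL access within the window is a candidate, not proof: hash the flagged DLL against the System32 copy and a known-good reference before calling it a hijack.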
Chris_Ed
(@chris_ed)
Reputable Member
Joined: 16 years ago
Posts: 314
 

I believe he disagrees, as do I, on the point that the Yahoo! Group mailing list in question is a credible resource.

You cannot have it both ways in an intelligent discourse. If you go down the path of nit-picking "undeniable proof", you must be able to sustain your "credible resource".

Live by the semantics, die by the semantics.

I'm sorry if I didn't make it clear enough - I don't find any source, short of vendor-specific data, credible - which is why I then stated the following:

But anything you find should then be verified and tested.

And as for the win4n6 list - there have been times in the past where I've found either content or linked content very useful. I guess this is.. wrong..?

(I will be stealing the verb "to Kanye" though :) )

Page 2 / 2