As crime learns for free here - this also is the element which blocks a more open collaboration. Examiners have to collaborate to reduce the backlog to crime.
Cannot be that crime wins. Let's fight by collaboration. The form of should be discussed now.
As crime learns for free here - this also is the element which blocks a more open collaboration. Examiners have to collaborate to reduce the backlog to crime.
Cannot be that crime wins. Let's fight by collaboration. The form of should be discussed now.
It's easy, nothing to actually discuss, three steps
1) create a new forum not open to the public, with access only on credentials and invitations
2) stop posting on forensic focus forum at all or post only some retweets and trivialities
3) profit
jaclaz
(edited to correct some flawed spelling)
I think the benefits of open discussion outweigh the possible downside.
As a software developer, hopefully producing tools that might help with some investigations, the discussion helps highlight issues, problems, ways of investigating. It also shows that for almost all problems, someone has a solution. From a criminal viewpoint, not much can be done that won't be discovered.
With my data recovery hat on, very little is shared because recovery is normally for profit. Forensics is often LE based, and so potential secrets (techniques) can be shared.
I would like to keep the forum open, i.e. no change.
As crime learns for free here - this also is the element which blocks a more open collaboration. Examiners have to collaborate to reduce the backlog to crime.
Cannot be that crime wins. Let's fight by collaboration. The form of should be discussed now.
To this date, this is a losing proposition.
The bad guys have always had a culture of competition. Look at everything USSS has shared on "carder planet" since 2005-ish; the bad guys have a "pay to play" model that is compartmentalized, and the only way to remain viable is to keep producing better products in your compartment, whether it's exploits, RATs, or actual card data.
We, the good guys, have always played catch up. We do not collaborate. I've been part of, or started, a variety of forums over the years. In fact, I'm in a closed, by-invite-only forum now…but it's going the same way that all such forums go. The majority of members of these forums are lurkers, and some may not even visit frequently. The majority of the members are neither sharing nor discussing IOCs or TTPs, something that is the purpose of the forum. Some have said that they don't have any to share, others say that they can't.
As the "good guys", we do not have a culture of collaboration. In fact, our culture is one of hoarding information…just look at the major findings by some of the biggest names in the industry, which are not released until a big-name conference.
In some ways, I don't think that it's so much a culture of "hoarding", as it is one of those who say they're doing the work, whether it's digital forensic analysis, incident response, or a combination of both, really aren't.
Out of actually 29990 members there should be a little chance to build kind of aggregated expertise. One thing we here started is to feed out of ForensicFocus. An API sure would help.
A new forum should start inside ForensicFocus, a test of an interactive visualization tool is on our wishlist to the people running this site. By the way thank you for the great work to admin ForensicFocus! Toda raba.
The bad guys are way ahead of anything discussed in this forum.
I agree they are way ahead. But to fall behind more and more is our fault in two ways
a) less collaboration
b) less criminal thinking
a) we should think about how to improve collaboration. Aggregated know-how is also a reason why they are ahead. The level of collaboration is higher in crime than LE. We should think of.
It's not about meeting at conferences or regular local meetings. This depends on the size of the country. Switzerland is too small and Europe not innovative enough.
We in LE lack collaboration (secure network for collaboration required).
b) To act like law enforcement and think like a criminal is our local district's forensics vision. To think more criminal in concrete means, to more early adapt new issues (e.g. smart home solutions to help LE) but also swap between 'how would I break the bank' and 'how would I protect the bank'?
a) This we could/should start. b) Depends on everybody's capability to think dark. Personally I can do this best, but decided to stay on the clean side (earning less money but fighting for the good).
No.
I do not think of myself as (or pretend to be) law enforcement, under any circumstances.
My job is to find facts, irrelevant if they are incriminating or exculpatory. My job is to turn data into information and move from conjecture, to hypothesis, to theory.
I do not enforce laws.
I agree they are way ahead. But to fall behind more and more is our fault in two ways
a) less collaboration
b) less criminal thinking
a) we should think about how to improve collaboration. Aggregated know-how is also a reason why they are ahead. The level of collaboration is higher in crime than LE. We should think of.
It's not about meeting at conferences or regular local meetings. This depends on the size of the country. Switzerland is too small and Europe not innovative enough.
We in LE lack collaboration (secure network for collaboration required).
b) To act like law enforcement and think like a criminal is our local district's forensics vision. To think more criminal in concrete means, to more early adapt new issues (e.g. smart home solutions to help LE) but also swap between 'how would I break the bank' and 'how would I protect the bank'?
a) This we could/should start. b) Depends on everybody's capability to think dark. Personally I can do this best, but decided to stay on the clean side (earning less money but fighting for the good).