Submissions Being Accepted for Timothy Fidel Award for Excellence

Building on the success of the inaugural Timothy Fidel Memorial Award, Guidance Software along with AccessData, today announced the Timothy Fidel Memorial Award Committee. The Committee was created as the decision making body for the award which is given in memoriam of Special Agent Tim Fidel, who was a pioneer and tireless advocate of cyber forensics…The Timothy Fidel Memorial Award Committee consists of a wide range of
leaders in computer forensics, including: LAPD Detective Terry Willis, Secret
Service Supervisor Keith Hoover, EPA Assistant Special Agent William Fortuno,
Hewlett-Packard IT Security Investigator Mike Menz and Army Special Agent
Frank Spruill. The individuals serving on the Committee were selected for
their knowledge, experience and expertise in the field of computer forensics.
The Committee is accepting nominations from around the world for
individuals who completed a computer forensic investigation during calendar
year 2005. Submissions, which can be completed online at http://www.CEIC2006.com,
will be reviewed by the Committee and judged on several factors including: the
use of best practices, industry standards or other innovative techniques; the
complexity or notoriety of the investigation; and the impact of the
investigation – financial, organizational, procedural or societal. The
winner will be named at the CEIC Conference at the Lake Las Vegas Resort, a
gathering of cyber-security leaders. To show the industry’s gratitude, the
winner’s charity of choice will receive a $10,000 donation in their name.
“The Timothy Fidel Memorial Award was created in 2005 to honor Tim’s
eternal spirit and his diligent efforts to modernize forensic standards,” said
John Colbert, President and CEO of Guidance Software. “The Committee brings
together the most highly regarded experts to honor those that continue to
implement the standards that Fidel established.”
This year, AccessData joins Guidance Software in sponsoring the award,
which recognizes the men and women who carry out the standards of computer
investigations pioneered by Fidel.
“As a pioneer in digital forensics, Tim’s devotion was a credit to himself
and his agency,” said Eric Thompson, Founder and CEO of AccessData. “This
award will acknowledge that same passion for finding the facts. By
recognizing the outstanding individuals in this field we believe there will be
an increased awareness of the critical nature of digital forensics.”
Timothy Fidel passed away on Oct. 29, 2004 at the age of 50. Fidel was a
Special Agent with the United States Secret Service and the Environmental
Protection Agency, Criminal Investigation Division. He was a major
participant in the design of the Secret Service’s Electronic Crimes Special
Agents Program, and he was a certified computer forensic examiner, as well as
a respected member of the International Association of Computer Investigative
Specialists. Fidel’s last post of duty with the Secret Service was with the
Ronald Regan Protective Division for then-retired President Ronald Reagan and
former first lady Nancy Reagan.
In 2005, the inaugural Timothy Fidel Memorial award was presented to law
enforcement officials from the Modesto and Kansas City Police Departments
whose work was integral in solving two of the year’s most notable cases: the
Laci Peterson investigation and the Bobbie Jo Stinnett investigation. The
awards were presented by Timothy Fidel’s wife, Denise Fidel.
For more information about CEIC 2006, complete rules and regulations, or
to submit a nomination for the Timothy Fidel Memorial Award, please visit the
CEIC website at http://www.CEIC2006.com

About Guidance Software:
Guidance Software EnCase(R) solutions provide the foundation of an
enterprise investigative infrastructure that enables corporations, government
and law enforcement agencies to conduct effective investigations of all types,
respond promptly to eDiscovery requests, and take decisive action in response
to external attacks. Founded in 1997 and widely recognized as the industry
leader in computer forensics, Guidance Software has offices and training
facilities in California, Virginia, Texas, New York and the United Kingdom.
More than 14,000 investigators depend on EnCase software, and more than 3,500
investigators attend Guidance Software’s forensic methodology training
annually. Validated by numerous courts worldwide, EnCase is also frequently
honored with top security awards from eWEEK, SC Magazine, Network Computing
and others.

About AccessData:
AccessData Corporation, a pioneer in the forensic computing industry,
provides the tools and training to empower examiners at the local, state, and
federal levels as well as corporations to perform thorough investigations with
speed and efficiency. AccessData has led the forensic computing industry with
its password cracking and decryption technology for over 18 years. In
addition, during the late 1990’s AccessData expanded its offering to include
the Forensic ToolKit (FTKTM) which enables investigators to analyze the
cracked or decrypted files. AccessData is a recognized leader in the field of
digital forensics training and certification with its AccessData Certified
Examiners program; (ACE), ensuring forensics examiners worldwide follow
established standards and guidelines. For more information on AccessData
visit http://www.accessdata.com.

SOURCE Guidance Software
Web Site: http://www.guidancesoftware.com http://www.CEIC2006.com
http://www.accessdata.com

Get The Latest DFIR News!

Top DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

Leave a Comment

Latest Videos

Quantifying Data Volatility for IoT Forensics With Examples From Contiki OS

Forensic Focus 22nd June 2022 5:00 am

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run. 

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems. 

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

File timestamps are used by forensics practitioners as a fundamental artifact. For example, the creation of user files can show traces of user activity, while system files, like configuration and log files, typically reveal when a program was run.

Despite timestamps being ubiquitous, the understanding of their exact meaning is mostly overlooked in favor of fully-automated, correlation-based approaches. Existing work for practitioners aims at understanding Windows and is not directly applicable to Unix-like systems.

In this paper, we review how each layer of the software stack (kernel, file system, libraries, application) influences MACB timestamps on Unix systems such as Linux, OpenBSD, FreeBSD and macOS.

We examine how POSIX specifies the timestamp behavior and propose a framework for automatically profiling OS kernels, user mode libraries and applications, including compliance checks against POSIX.

Our implementation covers four different operating systems, the GIO and Qt library, as well as several user mode applications and is released as open-source.

Based on 187 compliance tests and automated profiling covering common file operations, we found multiple unexpected and non-compliant behaviors, both on common operations and in edge cases.

Furthermore, we provide tables summarizing timestamp behavior aimed to be used by practitioners as a quick-reference.

Learn more: https://dfrws.org/presentation/a-systematic-approach-to-understanding-macb-timestamps-on-unixlike-systems/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_i0zd7HtluzY

A Systematic Approach to Understanding MACB Timestamps on Unixlike Systems

Forensic Focus 21st June 2022 5:00 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...