SANS Forensic Summit


Last week I attended the SANS Forensic Summit in Washington DC. What an experience it was. I got to meet many people for the first time including Mark McKinnon, Joe Garcia, Brian Moran, and Rob Lee (if I listed everyone people would get bored reading, sorry).

The event itself was fantastic I was able to watch presentations given by some of the biggest and best in the field today including Jesse Kornblum, Harlan Carvey, Troy Larson and many others. Mark and I also had the opportunity to give our presentation on Volume Shadow Copies and show a little of what Shadow Analyser will do once we release it. We seem to have gotten some positive feedback from it too. Thanks to the presentation I was even allowed to walk away with on of the SANS ‘Lethal Forensicator’ RMO. It is very nice and more people should carry them.

On the Thursday night we held the second annual Forensic 4cast Awards, the winners have already been listed on here so I won’t do it again but I will say that it was well attended and a lot of fun. I’m working on providing some more footage of the event to post online.

All in all this whole thing was awesome. Well worth attending. Next year’s summit will be moving from Washington DC to Austin, Texas. As you have nearly a year until then it is worth your time making sure that you can attend.

On a side note, while we were in DC Mark and I had the chance to go to see the Iwo Jima memorial and the Arlington Cemetery thanks to our friend Jerod. While the visit didn’t have anything to do with forensics I thought that I would share my feeling about this place.

It is both tragic and inspiring at the same time. Seeing the rows upon rows of graves of those who faithfully served their country until the end humbles me. I think of their contributions to the world, for their shortened lives, and feel not only gratitude but also a deep sense that I need to do more. Why should people like that waste their lives for me to be satisfied with mediocrity? No. I will make sure that, whatever I am and whatever I become, I’ll strive to be the best so that people like them did not, and will not, die in vain.

Now, this DOES apply to forensics. There are many in this field who continue to ‘coast’. They do their work and go home. While this is admirable I fear that it is not enough for the future. We should be actively engaged in researching and presenting our research so that all in the field can benefit from our cumulative knowledge. Let’s not wait for someone else to make the big discoveries, let’s jump in and do it ourselves.


4 responses to “SANS Forensic Summit”

  1. Was there a presentation / tool / technology , that you found most interesting?

    The comment about seeing the graves of those who “faithfully served… humbling…” struck home. Respect for those who gave all sometimes is not reflected in those who benefit from it, its a shame.

  2. Joe,

    I really enjoyed Chris Pogue’s ‘Sniper Forensics’ and Jesse Kornblum’s presentation on fuzzy hashing. I’m sure that I would have understood more if I’d ever done any incident response work.

    Also the exFAT presentation was very interesting, especially as there are currently no tools that support that file system. I might be writing a small exFAT parser soon for a bit or hobbyism.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.