SANS Summit Summary
I just returned from two days at the SANS What Works Summit in Washington, D.C. The capital weather was gloriously, unseasonably cool, but the Summit was cooler still (and not just because the ballroom temperature hovered near absolute zero). The talented presenters didn't disappoint. The leading lights in forensics and information security shared their tips, tools and insights; but, excepting a splendid lightspeed discussion of registry analysis by the oracular Harlan Carvey, I'm struck by how far the discussions strayed from disk forensics and other matters of pressing, practical concern in e-discovery and civil litigation. Certainly mobile devices are increasingly important and memory analysis is exciting and new, but it made me wonder if we aren't moving beyond "dead disks" too soon. Has everyone mastered disk forensics?
Kudos to Rob Lee and SANS for mounting a great event. The day two opening keynote on Law Enforcement Trends and the Future of Computer Forensics and Incident Response deserves special recognition as Ovie Carroll's engaging delivery and expert use of PowerPoint made for a very strong start. Ovie is Director of the Cybercrime Lab for the DOJ's Computer Crime and Intellectual Property Section and a hard act to follow. Other highlights were a deep, detailed discussion of cell phone forensics by the whipsmart Eoghan Casey and a huge law enforcement panel composed of LEO, examiners and prosecutors from local, state and federal agencies. The last wasn't as visually arresting as the plainspoken Bureau of Prisons guy with the x-ray of a cell phone in an inmate's rectum (Christmas cards anyone?), but still a revealing peek into the thinking of and challenges facing the LE community.
When you're on the civil side, it's easy to dismiss all that mobile platform, Cloud and incident response stuff occupying law enforcement and government as someone else's problem. Don't kid yourself. It's coming at EDD like a freight train. Events like this make me feel a wee bit better prepared.




