We’re pleased to announce the first Beta of Lightgrep Search for EnCase! It’s been a long time coming, but Lightgrep Search for EnCase is finally ready! Emails went out to our Beta subscribers on Sunday. If you received our request for information, please send us your contact info and EnCase dongle ID at info@lightboxtechnologies.com. Any [...]
Our good friend and former colleague Yogesh Khatri recently posted an EnScript tutorial on his blog, detailing how to parse Windows XP System Restore logs. In addition to the EnScript code, it’s a good overview of how to parse restore point log information. Steve Bunting also has some excellent information related to System Restore.
We presented Wednesday morning at the 2012 DoD CyberCrime Conference in Atlanta, about “Forensic Clusters: Advanced Processing with Open Source Software.” This wasn’t a talk about clustering related items (although we did touch on that briefly), but more about building clusters of servers to scale up to the storage and processing demands of large-scale evidence [...]
Jon and I will be at the Department of Defense CyberCrime Conference this week presenting Forensic Clusters: Advanced Processing with Open Source Software. The session will be on Wednesday at 11 AM in the Learning Center room. We’re looking forward to hearing feedback after the session. There’s a lot of concern in the forensics community [...]
Last night’s SANS 360 session was a blast. It was much more intense than a normal lightning/work-in-progress talk, and the speakers were great. Big props to Rob Lee and the SANS crew for organizing it. For those who couldn’t make it, the rest of this blogpost is a recreation of my talk, “Factory Forensics.” Geoff [...]
Jon and I had the opportunity to present at CEIC in Orlando this year. Jon presented a session called Deep Dive Grep, in which he showed a method of representing GREP keywords as simple flowcharts. I haven’t seen anyone present keywords in this manner before, and I think it makes the topic really easy to [...]
I (Joel) attended the Seventh Annual IFIP WG 11.9 International Conference on Digital Forensics in sunny Orlando, Florida two weeks ago. While there, I presented an extended version of our NeFX paper on lightgrep, soon to appear in Advances in Digital Forensics VII. For those interested, you can see my slides and read a preprint [...]
Jon gave a presentation on the inner workings of keyword search at the NYC4Sec Meetup on January 19, “Lightgrep – Fast Keyword Searching for Forensics.” There was a good crowd of about 30 with a mix of active industry professionals and grad students from John Jay’s Forensic Computing program. It’s nice to see the students [...]
Speed is a feature. An Information Week article today talked about the success and growth of the FBI’s RCFL program. In 2009, the RCFLs processed 2.3 petabytes. If you’re processing petabytes, you need to go big to go fast. Going 17,000 miles per hour isn’t easy, though. As in rocketry, mistakes in forensics often aren’t [...]
I spent last Monday and Tuesday at NeFX, the ACM’s Northeast Forensic Exchange, held at Georgetown University. Thanks go to Clay Shields and Yong Guan for organizing it. There were a number of interesting talks, many about network forensics and covert channels that were well over my head. I particularly enjoyed talks by Nicole Beebe [...]