Saturday, January 30, 2010

Acronis Try&Decide

Acronis True Image Home 2010 is a backup utility that offers the ability to perform full, differential and incremental backups. Being able to mount an Acronis backup image as a logical drive in read or read/write mode is also handy. Acronis True Image is more than just backup software, however. It includes Disk Cleanser, File Shredder, and System Clean-up, which wipe data stored on a hard disk, individual partitions or individual files.

The software also has a nifty feature called "Try and Decide". As the name might suggest, it is designed to give users a second life whilst they make potentially dangerous changes to the system. It is easily activated by pressing the "Try&Decide" button.

When Try and Decide is activated, all the changes made by the user are recorded in an automatically created folder named "Acronis Try&Decide" on an external hard drive instead of drive C. Virtualisation technology is used to "isolate your "real" operating system from changes" and there is no need to install VMware or other virtualisation software.

Try&Decide continues working after the system reboots. Upon completion, the user is presented with options to accept or discard the changes.

After the changes have been discarded and Try&Decide has been stopped, the folder "Acronis Try&Decide" is automatically deleted.

Inside the "Acronis Try&Decide" folder the program creates a sub-folder with a name that looks similar to C59FD9A9-D675-48B8-80E2-38662B09C411. This sub-folder contains a single file in which Acronis stores all temporary data. Searching for the hex value 4163726f746e6430 should locate this file unless it has been overwritten.
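The search for that hex value can be scripted over a raw acquired image. The following is an added example, not part of the original post and not Acronis tooling; the function names, the 512-byte sector size used for reporting, and the sample data are assumptions made for illustration.

```python
import io
from typing import BinaryIO, Iterator

# Value quoted in the post; these eight bytes are ASCII "Acrotnd0".
SIGNATURE = bytes.fromhex("4163726f746e6430")
SECTOR = 512  # assumed sector size, used only to report positions


def find_signature(stream: BinaryIO, sig: bytes = SIGNATURE,
                   chunk_size: int = 1 << 20) -> Iterator[int]:
    """Yield the absolute byte offset of every occurrence of sig.

    The image is read in fixed-size chunks so it never has to fit in
    memory. The last len(sig) - 1 bytes of each buffer are carried into
    the next read, so a hit that straddles a chunk boundary is found.
    """
    if chunk_size < 1 or not sig:
        raise ValueError("chunk_size must be positive and sig non-empty")
    keep = len(sig) - 1
    tail, base = b"", 0  # base = absolute offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf = tail + chunk
        pos = buf.find(sig)
        while pos != -1:
            yield base + pos
            pos = buf.find(sig, pos + 1)
        tail = buf[-keep:] if keep else b""
        base += len(buf) - len(tail)


def scan_image(path: str) -> list[tuple[int, int, int]]:
    """Return (byte offset, sector, offset within sector) for each hit."""
    with open(path, "rb") as fh:
        return [(o, o // SECTOR, o % SECTOR) for o in find_signature(fh)]


def constructed_sample() -> bytes:
    """Constructed test data: zero fill with the signature at 1000 and 4008."""
    return bytes(1000) + SIGNATURE + bytes(3000) + SIGNATURE + bytes(500)


if __name__ == "__main__":
    # chunk_size=1004 puts the first hit across a chunk boundary on purpose.
    for off in find_signature(io.BytesIO(constructed_sample()), chunk_size=1004):
        print(f"hit at byte {off} (sector {off // SECTOR}, +{off % SECTOR})")
```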

Wednesday, January 13, 2010

Knowledge - Management and Retention

Along with digital forensics and information security, I have always been interested in the subjects of knowledge management and knowledge retention. These areas are especially relevant to Information Security/Digital Forensics because these disciplines rely heavily on highly knowledgeable professionals. When such professionals leave the organisation, they create a giant gap that has to be filled.

There are several publications on this topic, many of them packed with unnecessary statistical data, useless formulas and usually boring as dry toast.

I just finished reading a book by Jay Liebowitz, "Knowledge Retention Strategies and Solutions", and I was pleasantly surprised by the quality of the material. This book is written to be concise and is full of insights and knowledge of the topic.

It is hard to disagree with the author who suggests that "younger workers are less likely to stay with one employer for more than a few years" and that a "learning organization" must develop "knowledge retention strategies so that critical knowledge does not walk out the door".

Unfortunately, I haven't seen many such organisations around, at least not in this industry. Instead, I came across many good professionals who would keep their expertise to themselves and only share the knowledge when it suits their own interests. In his book Liebowitz identifies major challenges to knowledge sharing and states that 'about 80% of knowledge management is people, culture, and process, and only 20% is technology' such as document management systems, wikis etc. He suggests that the experts should be motivated to share their knowledge "through being recognized and rewarded". Of course this would require competent management capable of creating the right atmosphere and building a high level of trust throughout an organisation.

The author also mentioned the knowledge-engineering paradox, which I found to be quite amusing but dead right. The knowledge-engineering paradox 'means that the more expert an individual, the more compiled his/her knowledge and the harder it is to extract that knowledge'. Recently, I was surprised when someone told me that occasionally it is hard to get a quick technical explanation from me. I thought about it for a moment and then realised that I have to decompile this information first and only after that translate it into a language understandable by a non-technical person.

This book is a good read and should be a valuable addition to every computer forensics manager's library.