Wednesday, October 28, 2009

(.pst) Documentation Specs are to be released by Microsoft

Finally, Microsoft has decided to release PST specifications, so no more reverse engineering for forensic people. Here is the link to MSDN Blog.

The Cyberspeak podcast for Oct 25 2009 is out; Ovie and Bret eventually found the time for it. I have been listening to Cyberspeak podcasts since day one and it remains my favorite "computer forensics, computer security, and computer crime podcast". Keep up the good work, boys.

Ubuntu 9.10 is due for release tomorrow (October 29th). The Canonical guys always come up with a quirky name for each release, such as Feisty Fawn, Gutsy Gibbon, Horny Hardon :-), and Ubuntu 9.10 is no different: it is called "Karmic Koala".

Friday, October 23, 2009

Staying Up to Date with Technology.

The only secret that you need to know
The passage of time is a one way flow
If you understand, joyously you’ll grow
Else you will drown in your own sorrow.

                                Omar Khayyam

Occasionally I found myself struggling to keep up with the rapid technological progress that we all witness today. Here is what I do for keeping up with it, which can easily be summarised into three main principles:
  • Learn
  • Embrace
  • Adapt and change your habits

Learn

I use Google Reader and Google News quite extensively to stay abreast of technology. I also utilise my “Blogs I read” blog roll to keep an eye on my favourite forensic blogs. I found that podcasts, which I normally listen to on the go, are a great source of information & inspiration. Reading online publications, manuals and whitepapers became my daily routine.

Since I now have an iPhone, I use iTunes to manage all subscribed podcasts. Recently, I discovered and became a great fan of Apple’s “iTunes U”, which is a part of the iTunes Store featuring FREE university lectures, audio books etc.

Books, books, books of course. They can be expensive if you buy them yourself. I consider myself a very lucky person, because I can get books for free as a reviewer at Computing Reviews. Although the review deadlines are quite strict and put you on a tight schedule, they also encourage you to read/finish the book and take comprehensive notes, which can later be summarised and converted into a review. If you have a master's degree and experience in a computer-related discipline, you may be eligible too. As a reviewer you have additional benefits such as free access to "over 19,000 reviews", being published in an Association for Computing Machinery journal etc.

Joining groups of peers from the Computer Security/Forensic industry for formal or informal gatherings can help you get reality checks on your current level of knowledge, seek out advice and guidance on technical issues and receive valuable feedback. If you are in Sydney, AU, send me an email and you may get invited to one of our monthly informal assemblies [subject to approval by all members]. Attending conferences and courses is beneficial but in real life is not always possible due to involved, so I won't go into this right now.

Embrace

I still believe that Windows XP is a great Operating System and I use a Win XP 64-bit machine as my primary forensic workstation. However, for this blog post right now I am using Windows 7 Professional, which just came out. It doesn’t mean that I love it so much. I have started using it, and not just playing with it, early and in a non-production environment to learn the OS. Hopefully, when I get a job involving Win 7, I won’t have too many surprises.

The iPhone is another example: you don’t have to like the phone, which I actually do. You simply cannot learn everything by attending an iPhone forensics course if you have never seen or used an iPhone before. I didn’t know, for example, that when an iPhone is plugged in to a computer to transfer music etc, a backup copy of the iPhone is automatically created on this computer. This backup contains a wealth of information such as photos, notes, email account settings, contacts, calendars, call history, SMS messages, bookmarks, browser history and currently open pages etc. iPhone backup files are a separate topic though.

My point is, get yourself out of the technological comfort zone and don’t be afraid to dump your favourite web browser, at least for some time, and use something new. There is a good chance that you will come across this new browser again during a forensic investigation.

Adapt

Use Google Docs or other collaboration tools to do your (non-sensitive) work, take notes with electronic Mind Maps, set up Google Calendar and get a free SMS for upcoming events. Learn how these tools work and become more productive. It definitely helps me to be more productive and to better understand the technology and trends.