Digital Forensics Resource List

Good morning. I've published a list of digital forensic resources, primarily for those in law enforcement interested in extending their knowledge and skills. My personal observation, as both a technologist and a cop, is that traditional law enforcement investigative knowledge translates well to incident response and to digital forensics in particular, especially when combined with aptitude and a desire to be constantly learning.
  • HTCIA Austin Chapter
  • Open Source/Free Forensic Tools
  • Commercial Tools
  • Digital Forensic Certifications
  • Texas Law Enforcement Forensics Training

Buy a Lottery Ticket Lately? – Fraud Alert

Since Wednesday's Powerball lottery drawing is at a staggering $485 million, I would not blame even the most rational readers of this blog for being tempted. It is also a great opportunity for me to pass along some information that may save you from becoming a victim.
Let me use myself as the example. I've noticed that I don't always 1) get and 2) check receipts from convenience store runs. If this resembles your experience, ask yourself: would you notice if you were overcharged a dollar or two?

Here is the issue. Unscrupulous convenience store clerks are betting that you simply decline a receipt or don't closely check the one you receive. It seems that some are skimming small amounts from customers to support their own lottery habits.

Obviously the vast majority of convenience store workers are not stealing from you, but it does highlight the fact that you should at least 1) get a receipt and 2) check it.


A Must Read – Bright Fulton on Log Management

Log management is hard. Always has been, always will be. It is good to know that there are bright folks like Mr. Fulton and his team over at @swipely who get it (and share!).
Technically: Rsyslog –> Logstash –> S3 and Sumologic

Tactically: “Engineers at Swipely start weekly tactical meetings by reporting trailing seven day metrics. For example: features shipped, slowest requests, error rates, analytics pipeline durations. These indicators help guide and prioritize discussion. Although many of these metrics are from different sources, we like to see them together in one dashboard. With sumo-search and the Search Job API, we can turn any number from a log query into a dashboard widget in a couple lines of Ruby.”


Read his post via the @Sumologic blog here.


CoreOS and Docker – Game-changers that security pros should know about

Key Takeaways: CoreOS and Docker will fundamentally change the way SaaS companies deliver software. Used together, CoreOS and Docker provide a compelling package by combining an “operating system as a service” with an application container that runs applications in isolation from the operating system. Security professionals should know that the introduction of these technologies will mitigate some traditional risks while creating others.
CoreOS in particular is interesting in the way it handles operating system updates and patches using an active/passive partition scheme: the new image is written to the partition that is not currently running, the system boots into it, and the previous partition remains available to fall back to. More information here.
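As an added illustration (not CoreOS's own code), the following simulation models the active/passive scheme described above: an update is staged only to the passive slot, the system reboots into it, and a failed boot check rolls back to the untouched previous slot. All class and function names are hypothetical.

```python
"""Simulation of an active/passive (A/B) partition update scheme.

Hypothetical model, not CoreOS code: two slots hold full OS images, the
new image is written to the passive slot, and the old slot is kept intact
so a failed boot can be rolled back without re-imaging anything.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple


@dataclass
class Slot:
    name: str
    version: str
    healthy: bool = True


@dataclass
class System:
    active: Slot
    passive: Slot
    history: List[str] = field(default_factory=list)

    def stage_update(self, version: str) -> str:
        """Write the new image to the passive slot only; active is untouched."""
        self.passive.version = version
        self.passive.healthy = True
        self.history.append(f"staged {version} to {self.passive.name}")
        return self.passive.name

    def reboot(self, boot_ok: Callable[[str], bool]) -> str:
        """Swap slots and boot. If the new image fails its boot check, mark
        that slot unhealthy and swap back to the slot still holding the old image."""
        self.active, self.passive = self.passive, self.active
        if boot_ok(self.active.version):
            self.history.append(f"booted {self.active.version} from {self.active.name}")
            return self.active.version
        self.active.healthy = False
        self.active, self.passive = self.passive, self.active
        self.history.append(f"rolled back to {self.active.version} on {self.active.name}")
        return self.active.version


def run_update(current: str, new: str, bad_versions=()) -> Tuple[str, List[str]]:
    """Stage `new` over a system running `current` and return the version
    actually running afterwards plus the event log. Versions listed in
    `bad_versions` are treated (constructed input) as failing to boot."""
    system = System(Slot("A", current), Slot("B", current))
    system.stage_update(new)
    running = system.reboot(lambda v: v not in bad_versions)
    return running, system.history
```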

The ability to sanely roll operating system updates into the deployment lifecycle will solve a major pain point for SaaS operations. The dirty little secret is that while many agile shops are starting to push code out “continuously”, operating systems are often left untouched or unpatched.

CoreOS will help make “infrastructure as code” less of a buzzword and more of a reality in the not too distant future.


LinkedIn – One Step Forward and Two Steps Back

LinkedIn deserves props for adding a few security features:

  • The ability to manage logged-in sessions.
  • The ability to export “your” data.
  • More email notifications when account details change, including date, time, browser, operating system, and “approximate physical location”.

Their official announcement about these changes is here:


Balance this against the fact that LinkedIn's API policy is negatively affecting CRM companies and, more importantly, the small businesses that depend on them.

Here is a good rollup of the issue by @bradmccarty over at Full Contact.

No word as to how their new Sales Navigator product has influenced their API lockdown tactics, but that still unreleased product looks to be positioned for medium to large businesses.

Sacrificing innovation for corporate gain is nothing new; it is just disappointing that the new product won't be relevant to small businesses, particularly entrepreneurs and innovators…

Have A Philosophy – Or Get Burned…

Intuitively I knew it made a difference: the “why” of why infosec pros get up in the morning and “do what we do”.
Many times when working “security” we get consumed by the fires of the day and forget (or refuse) to take time to recognize why we ultimately subject ourselves to the pain of solving the very complex and serious security issues of the day.

Recognizing in a very tangible way that my mindset and philosophy are ultimately responsible for my successes and failures has had a profound positive impact on my life. I review my work philosophy often. I recognize that it is not perfect or permanent. I use it as a defense and as inspiration.

Stuart’s Work Philosophy

“I believe in the positive transformation of the world through the creation and application of new technologies. I work because I make a positive difference in the world by applying top down, leadership led, security solutions that enable leaders and their people the freedom to innovate in the face of the many security roadblocks and unrealized risks that exist today.”

Jeff Olson in his book “The Slight Edge” states:  “Your philosophy CREATES your ATTITUDE, your ACTIONS, your RESULTS, which create your LIFE.”

Create your own philosophy using these simple steps:

  • Write down “why” you do what you do professionally.
  • Map the “why” to your larger life and overall goals, plans and dreams.
  • Review it often.