Over the past few days I attended the Techno Forensics 2009 conference held at NIST. It was free and I needed the CPEs, and it’s vaguely in line with what I do, so I went.

I have to say that the speaker quality varied quite a bit. It ranged from “can I please die now” to “this guy is awesome”, and the level of knowledge transfer was about the same. I tended towards the technical talks when there were any, and whatever caught my interest otherwise.

The talks by Joe McCray from learnsecurityonline.com were excellent, if a bit fast paced. I managed to get the gist of the talks, but I wish some of the slides were up longer to copy commands down, but oh well. I learned a few things about SQL injection that I didn’t know – like playing 20 questions with the server to infer its information.

I also went to the iPhone forensics talk by Sean Morrissey, and was suitably impressed with what can be gotten off the phone without jailbreaking it – including the fact that you can send a phone to Apple and they will break the passcode protection (with a warrant). Now, that makes me think that if Apple can do it, someone else can too. It’s not like my passcode is escrowed at Apple (I hope).

The last really good talk I went to was on volatile evidence gathering in Linux – i.e., gathering evidence on a still running system from memory and other changeable state information (running processes, network connections, etc). It was interesting, but nothing new for me.

Finally, I went to a few non-technical talks on “Cyber warfare”, which were basically rehashes of Sun Tzu and old military strategy, and nothing to do with how to fight it, just how it’s different. I certainly was not the target audience for these.

What I found amusing was that at Defcon you have “spot the fed” contests. At this conference, it was more like “spot the non-fed.” Almost every attendee works for the feds or a police department in a forensics capability. I was asked at one point why I wasn’t in forensics, and my answer was corporate culture problems – which I think is a general problem, not just for me. Most very technical people I know prefer to not work in the type of corporate culture that exists in the federal government and government contractors – strict dress code, no “toys” to play with, having to use a company issued (and controlled) laptop, etc. It’s just not the type of environment that the bright minds of today (and tomorrow) want to be in, and until these organizations figure that out – and actually change something – they’re not going to attract the talent that they want.

4 thoughts on “Techno Forensics 2009”

  1. Grecs says:

    Thanks for the summary. Nice to see what happened beyond that of Twitterville.

  2. As a non “very technical person”, I actually understand (most of) what you are talking about! 😉 Commonsense writing!

  3. TwisterDave says:

    I also attended, and Joe’s presentation is indeed some powerful stuff. (Thought it was a riot that he posts the steps to bypass the McAfee HIDS, and the VP of Product Development is standing in the back of the room with a look on his face that would pickle a prune!)

    Both Joe and Sean have given these presentations at DojoSec – a monthly security forum at Capitol College off I-295 in Greenbelt, MD. It’s the first Thursday of every month, 6-10 PM, and admission is $1.00, including pizza, soda, and dessert. If you’re in the region, hope to see you there!

    TwisterDaveMD

  4. I would love to go up to DojoSec, but getting there from Chantilly after work? Not my idea of fun – I used to commute from Gaithersburg to Chantilly – I moved for a reason.
