Index
Security RipcordCutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades
I mentioned in Gathering Hard Drive Serial Number and Information that I wanted a method to automatically document a hard drive’s information in Linux. I did come across a solution called Automated Image and Restore (AIR) that provides a GUI front-end to DC3DD and DD. I haven’t tested this as I really would prefer a [...]
My eight year old son has been asking to carry a knife. I have been wondering about knife safety and what it will take for me to let him carry a knife around. When I think about it the knife has been a right of passage for little boys since the beginning of time. Banning [...]
When acquiring data I am always worried about writing down a hard drive’s part number and serial number incorrectly. Sometimes the print is so small that an "8″ will look like a "B" or maybe the information has been obscured by other markings, stickers, or time. Some acquisition techniques such as HELIX Pro Version 3 [...]
Once again I find myself pointing to tweets by Richard Bejtlich. This time it was actually a retweet of Hogfly who runs the Forensic Incident Response blog. Hogfly recently pointed out an article in Aviation Week titled "China’s Role In JSF’s Spiraling Costs". This article demonstrates the actual cost for a specific project associated with [...]
It is more than obvious now that my ShmooCon talk, Looking into the Eye of the Meter, was canceled. Kelly Jackson Higgins in her Dark Reading article Researchers Postpone Release Of Free Smart Meter Security Testing Tool did a good job describing what InGuardians and I can say about the topic. But even one week later [...]
When I started working for IBM’s Emergency Response Team I was a little intimidated about walking into a client’s environment and quickly providing incident response leadership. Luckily I was trained by Chris Pogue and Harlan Carvey to consider three things when I got on-site: What are you trying to answer? What data do you need [...]
Mentoring can be a powerful learning tool for learning specific topics. I have been thinking about mentoring a little bit because I have often found myself thinking that a mentor would be beneficial to my technological and managerial growth. From my experiences I have determined there are a few requirements to setting up a good [...]
There are several reasons that I am drawn to IT security and incident response. The discovery of what occurred. Protecting a business and its employees from people doing them harm. The need for a breadth and depth of knowledge in many areas. When I was but a young security professional I always wanted to actively [...]
Drop The Refrain The refrain "make it too expensive for the attackers" needs to be retired from the security professional’s vocabulary. It is not going to happen. Making it "too expensive" is not S.M.A.R.T. It also means absolutely nothing to the attackers. The guidance security professionals need to be pushing is that managed business processes [...]
Shmoo Con First of all, I have to say that my talk at ShmooCon 2011 was a great experience. Here is a view from my stand point. Q and Atlas did a great job. You can experience our talk yourself by downloading and watching the presentation generously provided by ShmooCon. Purpose Although this started as [...]
