Monday, May 30, 2016

Managing digital forensic lab

For the last few weeks I have found myself in an awkward situation, almost like an echo from some previous jobs, preparing materials for a training titled "Managing digital forensic laboratory". This is an almost accidental event, the first run of that training since we announced it a few years ago.
The story behind the course is strange by itself too. It all started as the result of a failure. There was one nice big project about setting up a digital forensic lab, for the dual purpose of forensics and education. A huge effort was put into the project, especially in preparing the materials for managing the lab and an intro course for that. Since the project was not realised, we made the logical move: reused the prepared materials and squeezed them into a 3-day training expandable to 5 days. The basic theory is based on the excellent book "Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility" by Andrew Jones and Craig Valli. I've decided to add additional things based on recent developments for datacenters and open source tools for compatibility and certification, based on "Sarbanes-Oxley IT Compliance Using Open Source Tools, 2nd Edition", where we can show how to inexpensively build a managing and control infrastructure even on Knoppix. For lab case management I've decided to implement the Foreman tool and mention a comparison with other case management tools like FTK lab.
To cover the datacenter approach and introduce good practice in managing a lot of computing power, which is always missing, I've decided to use "Enterprise Data Center Design and Methodology" by Rob Snevely. There are a lot of other papers and web resources to mention and talk about ...

Thursday, May 19, 2016

FER lecture "Moć forenzičkih alata" ("The Power of Forensic Tools")

Yesterday I gave a small 60-minute lecture at my old uni; going there always brings nostalgia back, remembering and daydreaming. What always hits you is how many years have passed. The faces look the same, bright and young; the only difference is the laptops and smartphones all around. When I saw myself in a reflection I felt a pang of jealousy: the Amstrad 6128 and ZX81 from my days would be helplessly lost among the new thingies around. Even the mighty VAX under ULTRIX too...

With such thoughts, new wrinkles on my face, and new glasses, I got into the old lecture room, the same one where 20 years ago we were playing with Expect language scripts, tailoring some Cisco ATM switch configurations for experimental live video streaming.

This time skill was needed only to find the right presenter stick; everything else was working more or less as expected. My battered Dell laptop was working well; MS PowerPoint 2016 froze only once, probably just to show who is the boss. In the audience were a few familiar faces; in the first row on the left, my young and gifted colleague Savina Gruicic.

On the FER lecture home page there are links to the video capture and to the presentation.

Dr Pale said the intro words and I started. My plan was to keep it as short as possible: skim over the top of digital forensic topics, badmouth current tools and practices a bit, show a brief run through EnCase v6, v7 and UFED, get people thinking and asking and, hardest of all, force myself to keep within the 60-minute boundary. The people there are all from the computer science community; I just need to show a topic, put in a few words of context and let them think aloud :)
At the end we put in some new cyber-X words, Cyber-Hygiene and Cyber-illiteracy; really, it is fun to do Cyber words.
There were plenty of questions; I can recall only a few, like where you can get a career and training for digital forensics in Croatia. It was hard to answer, since in 2 weeks I'll do some work in Dhaka, Bangladesh to earn my living :) ..



Thursday, May 5, 2016

Setting up EnCase classroom in Polytechnic of Zagreb

Just today we managed to set up an EnCase classroom with 10 workplaces. It was a pleasure and fun, relaxed work with everyone cooperating. Really relaxing action.

20.5.2016 Still no official photos from the classroom... I don't know if this is just laziness or hush-hush.

Actually this is the first official classroom for digital forensics with state-of-the-art commercial software. around

Tuesday, May 3, 2016

Cyber attacks and energy dependency

In the context of recent attacks on power-providing infrastructure around the globe, I remembered my thoughts from when I was last in the Gulf countries, Bahrain and Saudi Arabia. These countries are even intuitively related to energy. If you think of oil and petrol, the first association is usually the oil- and money-rich Gulf countries. If you think more, there is also the most modern technology there, since it can be easily bought and requires a minimal local workforce to deal with it. It is the same for all other aspects of life. The conclusion is that this combination is extremely vulnerable to cyber threats. They are impossibly dependent on energy and technology to live everyday life, more than any other place on earth; only maybe the scientific base on Antarctica is more dependent. The last incidents show how misconfiguration or lack of proactivity can lead to disaster. What makes me think are the recent fires in Dubai and some other issues which show “quality” control problems, and such problems are important in cyber attacks. It would be nice to have the time and opportunity to work more; it looks like a very good situation for preventive digital forensics, but because of the sheer size, something vendor agnostic like the Google GRR tool.

4th May 2016,
Nice article, "Procurement: Saudis In Search Of Their Lost Work Ethic", on StrategyPage.com, which talks about quality problems, workforce etc., things so important in cyber vulnerability.