Wednesday, September 27, 2017

last five weeks

In the last five weeks, since August 19th, I've done three separate five-day trainings on four different commercial digital forensics platforms. So I have felt all the hell of digital forensic standardization and compatibility issues.
Basically it is always the same thing to do (even on the same evidence files :) ) but with deliberately different terminology and methodology; a nightmare actually.
We are asking the question of why the current state of IT security is such a shambles; how things are done now is a really good example of how not to do things. This is really material for good scientific research into why such an important part of life is in such a horrible state.
I'll add some thoughts later; at the moment the parallel with maths before the introduction of Indian (Arabic) numerals with 0 amuses me.

30.9.2017
As for the tools mentioned before:

  • Magnet Forensics Internet Evidence Finder
  • EnCase v7 and v8
  • X-Ways
  • MOBILedit Forensic Express
  • and some references to F-Response
So you can imagine the differences and consistency problems ...

Tuesday, September 26, 2017

Some irregular thoughts on cyber weapons

My thoughts about cyber weapons...
I'm thinking about how we are probably misinterpreting cyber weapons, probably because there is no body pile at the moment.

From the web, a cyberweapon is "a malware agent employed for military, paramilitary, or intelligence objectives." It is not a very helpful definition. I should say that a much better definition is derived directly from the term weapon, where the intention is much clearer.

Anyhow, we are missing a part of cyber weapons: the environment where they are used. The space where cyber weapons are used should be studied and analyzed to show how this space reacts to and then interacts with the cyber weapon, and also how a cyberweapon can be prevented or minimized as a possible tool for retribution.

I should say it will be important to understand an epidemiological approach to a cyber weapon and the space of its application. For example, let's look at the last cyberweapon exposures or weapon leaks. First the weapon was developed, stockpiled and then used; some time after usage the weapon was exposed through a leak and used by criminal organisations and other non-original users. Here we have interesting events going on. As soon as the weapon is used (activated, since it can be dormant), or better to say released (like germs), it will also be available to its primary target. If the weapon is active there will be some effects on the targets, and the target will soon find out what and how it was attacked. The result is that this weapon is not a secret to the primary target of the attack, but it is still a secret for most of the world. This provides the primary target with an opportunity to strike a collateral area in the attacker's domain with the same weapon, this time reverse engineered from the primary attack artifacts and traces. How can this be prevented or controlled from the primary attacker's viewpoint? One method is to mimic medicine and use a "vaccination" process: the timely exposure of the attack weapon to its collateral area. The result is that the collateral area is exposed, damaged a bit and effectively vaccinated against the effects of the weapon primarily used. Looks very much like the NotPetya events...

Recent huge databreaches

In the last few weeks a set of really important data breaches were reported. It looks rather telling about the current state of affairs. I'm wondering if this is because of some offensive escalation in attacks, or just more effective monitoring or stricter reporting rules?
Anyhow, it is hard to find impact results for these data breaches; I start to worry whether this is maybe the result of an effort to do real economic damage?
We will see in the future how things will develop.

30.9.2017
Reports about the size and impact of recent data breaches are still coming in with new information. The Deloitte story is going on and getting scarier. Maybe we are talking here about a new type of asymmetric warfare? All the events and the strategic value of the data stolen, information learned and knowledge achieved are frightening. Also, we don't know if and how other economic targets in the same class are being affected. Just think about what analysts and the strategic usage of all this collected data can do to the US economy and indirectly to military power.
Looks like my paranoia is kicking in, into some global conspiracy theory :) But why not? It is like adding a new dimension to existing human activities, a dimension in which all activities are interconnected, accessible and almost undefended.