Monday, October 26, 2015

Some informal talks about EnCase

There are some informal talks about EnCase and its future. It looks like version 8 is delayed until further notice and v7.11 and later will roll out, while v6 stays quietly alive. Also, feedback from the trenches will be taken into account. These sound like very reasonable actions after all the atrocities with v7. Again I'll try to push what I've said many times:

  • bring back conditions as they were in v6, on every screen
  • fix the user interface to be consistent and simple, or even rethink it, especially for the enterprise version
  • add automation at the simple-script level; EnScript is too complicated for the ordinary user
  • add logging of user actions, for performance monitoring and for legal issues
  • document the data structures and fix the documentation
  • enhance cooperation with other products, e.g. make the lx01 and l01 logical evidence file formats free for other vendors to use, and provide a Python implementation with read/write access to logical evidence files
  • add libraries to interact with other scripting languages: Perl, Ruby and Python
  • document the SQL data structures used in the enterprise version
  • fix reporting, and especially data exporting, in Case Analyzer

The product portfolio is probably changing again, with new titles for old products :) or new repackaging. Tableau devices are coming again in new shapes and with new functionality, which is really a nice touch.

It looks like somebody has taken control of the situation, and instead of a Soviet-style no-step-back policy we now have some strategic thinking and damage control. I suppose there are also some cultural changes based on the hard lessons learned during the disaster; also a lot of people have left Guidance Software since the painful story with EnCase v7 started in 2011. I suppose this is a good signal for anyone in the industry to stop for a moment and start thinking about what is going on and why. It is time to admit that even for digital forensic vendors some computer science common sense has to be applied. There is some rumbling on the horizon and clear signs that traditional vendors have problems defining their role and product position.

Strangely, the BBC had a nice article on corporate problems, "VW and the never-ending cycle of corporate scandals", which fits well with what I mentioned above about digital forensic vendors.
To be honest I've never seen data or a study on the correlation (I never tried very hard to find one, actually) between IT security problems and corporate policies, cultures etc. I suppose this type of data and intel should be in the insurance companies' profiling data for their clients. The same thing can be done for general IT problems; just remember "The Big Unknowns" in the Verizon data breach reports since 2008.

Sunday, October 11, 2015

In the last SANS NewsBites: there is a scholarship for women in Cybersecurity!

Just posting this; some of my colleagues follow the blog, and it is easier to blog news than to email it to all of them :)

SANS NewsBites Vol. 17 Num. 079 : Scholarships For Women in Cyber; 

TOP OF THE NEWS
 --Women's Cyber Talent Search Offers Scholarships For Intensive Hands-On Training
(October 9, 2015)
As a step toward bringing more talent into cybersecurity by closing the
gender gap, the National Center for Women in Technology and SANS are
providing more than $300,000 in scholarships for advanced hands-on
training in the most sought-after skills.  Women who demonstrate
aptitude for and basic skills in cybersecurity are eligible.  The
admissions process is now open and qualifying exams are being held from
today through October 30.
Schedule and qualifying site:
https://www.sans.org/cybertalent/immersion-academy/programs?#womens-academy
More on what is in the CyberAcademies
http://www.sans.org/cybertalent/immersion-academy/

Sunday, October 4, 2015

attack, defense, IT systems, people, thoughts

I always remember a talk about attack and defense theory; in its simplest form it says a prepared defender has a 3 to 1 advantage over the attacker, or that a prepared defending force will destroy as many as three times the forces attacking it. That is a war- and blood-proven theory, but why does it not work like that in IT attack and defense?

I love to think about it :)

It says a prepared defending force, which is a joke if we are talking about current IT systems, government or business. Just look through the different reports about incidents, data breaches etc.; they show clear signs of systems being neglected, not administered or deliberately ignored.
And still, if you read about the people involved, their titles and references, there are a lot of certifications and buzzwords. There are a lot of certification bodies around which will certify systems, tools, people ... a bit fishy since it's a very lucrative market.

My favorite thing is the CISSP certification, very popular among people managing or directing IT systems, but I have a wooden feeling about something designed by accountants with an accounting-audit approach, not a systems engineering approach. A long exam of questions to answer out of textbooks with standard answers, but nothing practical, and worst of all nothing creative or even scientific in method. If you read about it, it shows pure theory and standards, something nice to have, but it gives you such a beautiful false feeling of capability and knowledge. There is not much mention of practice or experience with real systems or effective analysis and such. It gives me the image of someone using procedures without understanding why those procedures are there in the first place, and without a clue how to create new procedures (a politically correct way of saying: knowing when to break an old procedure because it does not make sense any more).

It always reminds me of Admiral Hyman Rickover and his attitude to project management, system management and control. It is a bit of a dinosaur approach, but I still think it is worth rethinking and putting into the context of the modern world. The implications of developing a strategic nuclear submarine fleet were essential for world survival during the Cold War; it was actually a key element in the MAD triad approach which made major war senseless or unwinnable. There are some similarities in securing IT systems today, especially critical systems. From forums and conferences it is obvious that the US DoD and the rest of the military are thinking about it, but for the non-military I'm not sure.

It is worth reading his papers and some additional materials on nuclear strategy, especially on the quality control problems in early submarines and on training and personnel issues, and thinking about the long-term implications. The lessons learned in that far-away period are still valuable, but it is not straightforward how to apply them. I suppose simplification, lack of understanding of the whole system, and even unwillingness to understand your own system are critical problems today, something which is not possible to solve through current trends and practices. All this gives the attacker from the first paragraph a huge advantage.

8th October 2017
A very nice article, "What's wrong with the CISSP", talks about how the certification can be misunderstood and the implications of this misuse.


TV interview from Bahrain

On Friday, CDs with video materials arrived. This interview was a completely unannounced event; it was done during and after the opening ceremony of the CyberCrime training in Bahrain. The fact that I had to talk was a real shock. I was afraid of the outcome and watched my part of the video with great fear. Some previous filming always brings back bad memories. This one was not so bad, at least my answers, but I looked so ugly on the screen .... The camera does not like oily skin and sunspots, especially in strong artificial light. The answers and questions were OK, with me mostly talking about the need for education and the concept of computer hygiene being taught to everyone.