In this blog post you will first learn what file carving is and, with a simplified example, why it’s useful. Next you will learn how this powerful technique has been applied to the network and how its utility has been expanded beyond just forensics. We will talk about several tools in this article, but specific attention will be paid to the NFEX network file carving tool.
Cisco has had a long history of supporting the Forum of Incident Response Teams (FIRST), as members in the organization, as chairs of various programs, steering committee members, and conference organizers. Cisco has also been providing the network for the global conference for many years. This year I am chairing the conference that will be held in Vienna on June 12-17, 2011. To that end, I am asking for some good security presentations for this year’s conference. We already have some great submissions from Interpol, Kapersky ENISA, etc. As chair I would really like to differentiate the conference with presentations based on real-world cybercrime defense. As we look back we see how rapidly the environment has changed over the past 10 years, starting to bring focus on upcoming changes on the horizon with things like borderless networks, externalization of services, and cloud. And then, further, combine that with the increasing monetization and militarization of cyber threats. FIRST would like to take a close look at the protections and responses of the past, and whether they will be up to the challenge or part of the problem. I talk more about the theme and the conference in this short podcast.
If you have something you would like to share with the security community please read below and contact us using the Speakers Submission Form.
BlueHat is Microsoft’s internal security conference, similar to our own SecCon. This year the conference was held Oct. 14-15, consisting of two full days of great content in a lecture theater environment. As part of their community outreach and Secure Development Lifecycle (SDL) collaboration I was invited to travel to Redmond for a few days to attend. The theme this year was Security Odyssey; I don’t know if you have seen the movie 2001, but there were references to HAL everywhere. BlueHat v10 Talks was a combination of internal and external sessions — with no NDA’s.
Though I spent much of my time in the speaker lounge, here are a few talks I had a chance to hear (with a little bit of Space Odyssey humor).
When you access your email each day, do you do so at a distance of 15 paces because you’re just not sure what might jump out of that inbox? You can just about anticipate an email detailing how another user has caused a “blip” that will stretch your capabilities to protect both the user during their online engagements and the assets of the company? Or perhaps, there will be an email asking to set up a meeting of all-concerned to discuss how the employees in the sales department believe your information security policies are standing between them and their ability to do their job. Whose responsibility is it to keep the user engaged, informed, and compliant with company policy? Odds are, information technology leads will find their constituents asking how to accomplish something that wasn’t anticipated when the policies were created.
In a previous blog “When Your Employee Doesn’t Want to Come to the Office,” I shared my thoughts on the mobility aspects of the employee who wishes to work remotely. Today Cisco released part two of the Cisco Connected World Report and confirmed my hypothesis above: email inboxes are overflowing and IT departments are racing to catch up as the consumerization of the work place continues. Reading part two of the report, I was encouraged to see that more than 80 percent of IT department respondents noted they had an IT policy. What I found disheartening was the results from the end user, which detailed that ~24 percent of respondents didn’t know a policy existed, let alone where to find it. If that is the case, the escalation of policy collision isn’t going to occur.
SecCon is Cisco’s internal security conference aimed at raising security awareness within the company’s development community. On Oct 4th – 7th we completed the third Cisco SecCon and it was a big success. At this year’s conference we had well over a thousand attendees, with representatives from almost every job function. Thank you to all the participants and speakers!