Who you gonna call?
Remember that old tag line from the '80s? It's right up there with "where's the beef!" However, my question is directed more toward forensic analysis, including anything collected during live response.
Where do you go for thoughts, input or validation regarding your live response process? Do you just grab a copy of Helix and run the WFT tools? Or are you concerned about doing that blindly (believe me, there are folks out there who aren't...), and want some kind of validation? (I'm not saying that WFT and toolkits like it are bad...in fact, that's not the case at all. What I am saying is that running the tools without an understanding of what they're doing is a bad thing.)
What about analysis of an image? Do you ever reach out and ask someone for insight into your analysis, just to see if you've got all of your bases covered? If so, where do you go? Is it a tight group of folks you know, and you only contact them via email, or do you reach out to a listserv like CFID, or go on lists like ForensicFocus?
Another good example is the Linux Documentation Project and the list of HowTo documents. These are great sources of information...albeit not specific to forensic analysis...and something I've used myself.
NIST provides Special Publications in PDF format, and Security Horizon is distributed in PDF. CyberSpeak is a podcast. IronGeek posts videos, mostly to do with hacking. I included a couple of desktop video captures on the DVD with my book, showing how to use some of the tools.
While I agree that we don't need yet another resource to pile up on our desks and go unread, I do wonder at times why there isn't something out there specific to forensic analysis.