Challenges
As I sit here behind my keyboard, looking at my desktop, I have a couple of items on my plate...things to do...some short-term, some long-term.
One short-term item I keep in mind is, how can I do what I do better? What were some of the challenges I had to overcome on a recent (or several recent) engagement? How could I prepare myself better in the future? This usually results in an update to my own personal IR toolkit, either through a tool (something I've downloaded, or something I've written), or a methodology/process.
One long-term item is preparing to update Windows Forensic Analysis for its second edition. Lots of opportunity there...with tools like RegRipper, a lot of the smaller scripts just go away, and their functionality gets incorporated into a plugin of some kind.
When thinking about these things and actually beginning work on any/all of them, I find myself thinking, what challenges do others face? I'm a consultant by day, and a forensics nerd by...well, all the time. I do primarily corporate work, but I know that folks who hold FTE (full-time employment) positions within organizations doing what I do have a different set of challenges that they face. Throw LE into the mix, and you can see that based on the direction from which you approach IR/CF, and how you're involved in either (or both), you're going to have a different perspective, and a different set of challenges.
What are your challenges? Are they technical? Political?
One short-term item I keep in mind is, how can I do what I do better? What were some of the challenges I had to overcome on a recent (or several recent) engagement? How could I prepare myself better in the future? This usually results in an update to my own personal IR toolkit, either through a tool (something I've downloaded, or something I've written), or a methodology/process.
One long-term item is preparing to update Windows Forensic Analysis for its second edition. Lots of opportunity there...with tools like RegRipper, a lot of the smaller scripts just go away, and their functionality gets incorporated into a plugin of some kind.
When thinking about these things and actually beginning work on any/all of them, I find myself thinking, what challenges do others face? I'm a consultant by day, and a forensics nerd by...well, all the time. I do primarily corporate work, but I know that folks who hold FTE (full-time employment) positions within organizations doing what I do have a different set of challenges that they face. Throw LE into the mix, and you can see that based on the direction from which you approach IR/CF, and how you're involved in either (or both), you're going to have a different perspective, and a different set of challenges.
What are your challenges? Are they technical? Political?