Links

Book Review
Ken Pryor posted a review of Windows Registry Forensics over on his blog...I greatly appreciate the effort folks put into these reviews.  Thanks, Ken, for taking the time to read the book and put your thoughts into a blog post!

If you're thinking about purchasing the book, take a look at Ken's review or any of the reviews on the Amazon site.  I've also been fielding questions, which come in from time to time.

Book Sales Numbers
Speaking of books, I was able to get sales numbers for foreign language editions of Windows Forensic Analysis; of the two editions, the book has been translated into Chinese, French, and most recently Korean.  The numbers may be a bit off, as it took Elsevier (thanks, btw...) some time to get the numbers, but here's how the books are doing so far:

Chinese - 4000 printed, 3281 sold to date
French -  1000 copies printed, 494 sold to date
Korean - 1000 copies printed, 700 sold to date

Pretty nifty.

DFwOST
Speaking of books, a hard copy of Digital Forensics with Open Source Tools showed up on my doorstep today!  Cory Altheide was the primary author...heck, the entire book was his idea...and I have to tell you, he did a great job!  Once, in a galaxy far, far away (actually, it was on the IBM ISS ERS team, but close enough...), I worked with Cory and saw firsthand that he's one of the most knowledgeable and capable forensicy folks I've ever worked with.  Not only is Cory REALLY smart, but he also likes beer!  Actually, I think his preference is single malt scotch...I know that sounds like some kind of personal ad but if you see him at a conference...you know what I'm sayin'! 

At first glance, the book turned our really well.  I was more interested in the formatting and how some of the images turned out more than anything else; spelling issues weren't my primary focus. The book is chock full of some really good information, and the content is mostly directed at beginners; however, I think everyone will find something useful.  For example, one of the open source tools that Cory described was the Digital Forensics Framework; I installed v1.0 on my Windows 7 analysis system today, and it fired up quite nicely (I'll be discussing DFF more in a later post).

Carbon Black
The guys over at Kyrus Tech are really moving along with Carbon Black.  If you haven't heard of this product, you really should check it out!  Cb is a lightweight sensor that monitors execution on systems, watching for new stuff being launched.

Kyrus recently sent out invitations to folks to download their latest version of Cb, and they've also set up a user forum (on Ning) for folks to engage with Kyrus and each other regarding the use of the sensor, and the resulting data.

Here's a good read on Cb vs. the RSA hack...

But Cb isn't just about security and IR...one of Kyrus' case studies involved cost reduction across an enterprise by determining how many employees were actually using the full breadth of an office application suite; by reducing the licenses in accordance with actual usage, and purchasing separate copies of the component applications for the employees who actually used them, the organization was able to realize a significant cost savings.

OMFW
Aaron Walters is back at it again!  Prior to DFRWS 2008, Aaron had the first Open Memory Forensics Workshop, and I have to say, the format was a welcome change to many of the conferences I'd attended in the past.  Having short talks followed by panels was a great way to break up the long periods of sitting and listening, and I found the format engaging and stimulating.  Even better was the technical content based on who was there and presenting...all of the big names (Aaron, Moyix/Brendan, George M. Garner, Jr., etc) in memory acquisition and analysis were there, and it looks like Aaron's planning another OMFW soon!