Transparency and Information Sharing in Digital ForensicsReturn to TOC presented at FIRST 2014

by Johan Berggren,

Summary : Ever found that your tools or contracted help are interfering with your incident response workflow? That you find yourself discussing and explaining terminology to other responders during an incident? That your tools are just not transparent enough about what data they present you?
Information exchange during an incident should be about the incident, not about politics, semantics or limitation of tooling.
In this presentation we take a look at how you can utilize open source forensic software to overcome some of these obstacles. We discuss several tools that make up a powerful toolbox that provides you with the necessary transparency about the artifacts you are examining. To allow you to focus on the incident related knowledge, questions and answers and not the nitty gritty details of the tools we show you ways to add rich annotations as an overlay on top of the raw data.