Presentation on accelerating digital forensics and incident response at AusCERT2016

On 26th May 2016 Dr Schatz will present on accelerating forensic and IR workflow at the AusCERT 2016 conference, in the Gold Coast, Queensland, Australia. The seminar, titled “Accelerating your forensic & incident response workflow: the case for a new standard in forensic imaging”, will address the following:

Today’s forensic processes are mired in practices carried over from a pre-networked world, with inexpensive and exotic storage, mobile devices, and cloud computing compounding the delays between incident notification and meaningful analysis. Practitioners and responders are faced with the unsatisfactory choice of either forensically preserving only a limited amount of evidence while accepting the risk of missing relevant information (triage), or delaying analysis while waiting for full forensic preservation. This seminar will examine the role of existing forensic imaging formats in creating such an environment, and examine how an improved forensic image format (the AFF4 forensic container format) enables practitioners to perform forensic analysis without the delays imposed by current approaches. Finally, the seminar will provide practical advice on adopting such a new approach, defending questions around forensic soundness, and optimising forensic workflow both in the field and in the lab.

UPDATE: The slides for this presentation are available.