Tuesday, April 30, 2013

Hacking Exposed: Computer Forensics Update

We've been asked to update Hacking Exposed: Computer Forensics and bring out a 3rd edition in 2014.

Here's the proposed chapter layout:

Part 1 Fundamentals
1 The Forensics Process
2 Computer Fundamentals
3 Forensic Lab Environment Preparation

Part 2 Evidence Collection
4 Forensically Sound Evidence Collection
5 Enterprise Forensic Collections

Part 3 Forensic Analysis
6 Malware
7 Microsoft Windows Systems Analysis
8 Linux Analysis
9 Macintosh Analysis
10 Cloud Forensics
11 Memory Analysis
12 Defeating Anti-forensic Techniques
13 Enterprise Server and Storage Analysis
14 Email Analysis
15 Internet History Analysis
16 Mobile Forensics

Part 4 Presenting your findings
17 Documenting the Investigation
18 Investigations in the US Legal system
19 Investigations in the Euro Legal system
20 Investigations between legal systems

Part 5 Advanced Forensics
21 External Device Analysis
22 Tracking the cloud
23 Enterprise Networks
24 Server Side Application Forensics
25 Source code analysis

Appendix
A Searching Techniques

Tuesday, April 16, 2013

vSphere 5.1 Hardening Guide – Official Release

This is slowly making the rounds.
http://blogs.vmware.com/vsphere/2013/04/vsphere-5-1-hardening-guide-official-release.html

Excellent job to Mike Foley. Love that it's released in a spreadsheet-only format. That's efficiency. And it's helpful, useful.
The guide is available here.

Thursday, April 11, 2013

Cisco Security Intelligence Operations RSS Feeds

Thinking about one of my favorite feeds, the Cisco Cyber Risk Report, and wanted to make sure to capture the relevant links. The sample report delivered every week contains a synopsis of information covering Cisco vulnerabilities, legal information, trust analysis, geopolitical issues, and upcoming security-relevant events such as conferences.
 
Here is the list of feeds offered on Cisco's Security Intelligence Operations RSS Feeds webpage along with the direct links:
 

Looking for Security Product Manager to Join VCE

Looking for an extremely technical Security Product Manager to join our highly focused team. This is the best place I've worked in a decade. Great challenge, work-life balance, excellent comp, outstanding benefits, and access to EMC, VMware, and Cisco training.

What we DO want: Excellence. Experience. Execution. Collaboration. Purpose. People who want to take part in massive industry transformation. The scope of our customers and impact frankly stuns me.

What we DON'T want: Ego. Fiefdom builders. People looking for something to "try".

Learn more about the position and apply here: http://rfer.us/VCEJvww2y.

I'm part of the team. Contact me for any additional information.

Chris Davis
Senior Consultant - Security and Compliance
Product Management Office
Chris.Davis@vce.com
www.linkedin.com/in/christopherdavis

Monday, April 8, 2013

InnoTech Conference Dallas Presentation


Here's the presentation from last Thursday's InnoTech Conference.

Title: No Gimmicks. Build Assurance into Cloud Computing.

Abstract: More than 150 conversations with top-level executives responsible for global enterprise and government organizations have shaped this message. The situation is that every level of business and government operations is converging and streamlining infrastructure to manage cost and efficiency. The complication is that organizations must translate existing physical security controls into dense virtual infrastructures. The question is how do you manage risk exposures without compromising your security and compliance requirements? We will discuss how a secure and compliant virtual platform can enable your business with secure separation, compliance visibility, and easier management.

Tuesday, April 2, 2013

Reverse Mapped SANS 20 Critical Controls to FISMA

Greatly appreciate contact from the author of Tech-Wreck Blog who said, "I am trying to make the SANS 20 Critical Controls a bit more 'fun'/interactive…"

I really like what he has done. Nice work. It's in that vein that I'm sharing a reverse mapping of the SANS 20 Critical Controls into FISMA (800-53r3) controls, using FISMA as the baseline.

You can find it here: Reverse Mapped SANS 20 Critical Controls to FISMA.