Effective Reporting

I have been discussing “Effective Reporting” recently with some people. The point that came out of it is that “Effective” is “relative”. Knowing your target audience is essential. Since the goal of a report is to convert raw data into actionable intelligence (whether targeting, an intrusion report, a divorce case, counter-terrorism, etc.), the final report is the fruit of the labor. It is what the customer is paying for.

If you cannot convey your findings in a coherent and useful report, then what exactly were you hired to do?

Is there a set standard for reporting in forensics? Should there be? My rule of thumb is to follow what we did with the FBI.

Table of Contents — In case it gets long…

Executive Summary — This covers who, what, when, where, why, and how.

Computer Evidence Analyzed — “1 laptop, Dell Latitude x800, S/N 1234566, 160GB HD, S/N 234234234”

Details — This covers what you did…regardless of what you found. Most likely WON’T get read…until the invoice is received. This is where you can and should list what you did and how you did it.

Recommendations — This is where we put recommendations such as “Install Antivirus Software on all machines” or something like that.

Conclusion — You can restate your findings in a more succinct manner, as they will probably make more detailed sense if the reader has actually read the preceding pages.

I am a BIG proponent of screen captures with circles and arrows to guide the impatient reader through the DETAILS section. By adding a caption and anchoring the reference, a reader can basically look at the pictures, read the one-line captions and get a sense of the report.

This is an interesting topic, and we are trying to get a group of Northern Virginians (west-of-the-Beltway locale) together for dinner and active discussion to start on topics like this.

Government Created Pr0n!

Here it is: Exploitation of TSA scanners (http://www.dailymail.co.uk/news/article-1336331/Baywatchs-Donna-D-Errico-singled-TSA-body-scan-looks.html)

I knew it would not take that long. In fact, I recall the first weekend TSA ‘people’ (I REFUSE to call any of them “agents” as I know agents and that is a slap in the face to classify them as the same) exploiting their position to “randomly” pull people for full body scans.

Here is my prediction…

Listen up, because as I told my wife, “Show me the most secure, honest, good-intentioned government intervention and I’ll show you a degenerate that will exploit it…most likely with a dolphin, donkey or midget.”

Anyway, here is my prediction:

Aforementioned degenerate TSA person (armed with cell phone and camera) pulls a person into the scanner and takes a snapshot with the camera. Instant pr0n.

Further…

A celebrity gets pulled into the scanner (because they just KNOW that David Hasselhoff is an Al-Qaida operative…“HEY MAN! Don’t hassle the Hoff….get me a cheeseburger, Mujibar!”). A snapshot is taken and sold to the papers for big bucks.

Furthermore…

A child is pulled into the scanner and a snapshot is taken and instantly child pr0n has been created by a government “official”.

Lastly…

I’m not *too* familiar with the systems, but I’ll venture a guess that there is a hard drive in the scanners. I’ll make a guess also that the processing of the picture will need to put remnants on the hard drive. So…

How can the government justify essentially creating child pr0n?

…and suddenly an entire industry of Government Created X-Ray Pr0n has been created.

Buzz Word Bonanza!

Buzz words are for marketing people, managers, and other people wishing to look the part (a part…any part). New buzz words in forensics seem to be masking the actual issues at hand. Here is a list of buzz words that one can get sucked into:

“APT” - Advanced Persistent Threat. Do you know what they called hackers before APT? Hackers. Do you know what they’ll call hackers AFTER APT? Hackers. I cannot count the meetings I have been in where the intruded company was bent on knowing “is it APT?”. “Does it matter?” is my usual response. “With all due respect…” (nothing good ever comes after this statement either), “if China steals your trade secrets and makes a product as good or better, then most people will buy that one because there are trailer parks ALL OVER America that want cheap flat screen TVs from Wal-Mart….so who cares where it originates? You won’t be able to prosecute, nor will you find them, so how about protecting your assets first.”

“Super Time Line” - Do you know how confused an agent, cop, manager, or CEO is when you hand them a huge SQL database for a timeline? I find that the best way to timeline is to put in pertinent facts/times only. Leave the Super Duper Ubertacular Awesome timeline buzz wording to other security consultants and do the job. Believe it or not, by telling the truth and getting the job done, a company will want to keep you around as THEIR security team.

In summation, the end game is the same no matter if the intruder is China, Ecuador, or a pasty white fat kid in his parents’ basement: they want leverage. Something, ANYTHING that is worthwhile. And the funny part is, the methodology is the same as well. Add a hacker (a nice one that is not too averse to Sun or people) to your forensic team and see how your cases are more complete. FAR TOO OFTEN have I had to mop up the dregs of a case wherein a “company” sent their “Senior Consultant” (who egotistically adds the certification acronyms to their “Last Name” box on LinkedIn).

Don’t be “that company” or “that consultant”. Think outside the box.

PWN’d again

Several moons ago, I went to a conference and was unfortunate enough to sit through a presentation given by someone who was (unfortunately) given the task of presenting on email forensics. The opening went something like this:

“Who here uses email?…..you?…what about gmail?……hotmail?…….eudora?…..”. And this went on for a LONG time. He took a rhetorical question and beat it stupid. As the STREAM of people cascaded past me, I felt bad for the guy and punished myself by staying in the presentation. He relied on the internet for his presentation. Yes, his presentation consisted of downloading and installing applications. As Murphy’s Law dictates, he was unable to get on the internet. So the sucky presentation, which could not have been worse, actually got worse.

Time goes by and I am at PFIC in Utah and see a presentation on handheld forensics. The opening line by a familiar looking person starts with, “Who uses a cell phone? you?….you?….what about an iPhone?……..you?”. And I realize at that point that I have been pwn’d TWICE by this person.

Which brings me to my main rant about this page. Just because someone is presenting on a topic does not mean they are 100 percent correct on what they are saying. This has happened several times. FOR INSTANCE, when I left my last job and went to another, they tasked us with doing forensic analysis on Timestomp usage and tracking that down. I did EVERYTHING with timestomp. I pimpslapped it around for over a month. I analyzed it like a fat kid weeding out vegetables from a dinner plate. Short story long: I KNOW timestomp.

Months later at a conference I hear a well-known name presenting on a new buzz word (don’t get me going on forensic buzz words…I’ll post later on that…), and he mentions timestomp specifically. I suddenly perk up and listen in hopes of learning something new. To my dismay, he puts out bum info! As I was leaving, I asked “Are you sure it works this way even if you do X?”. Staring blankly…“Uh, yeah. Yes, it will”. 2 hours later, ANOTHER big name starts spreading “False Doctrine” (as I have come to dub it).

Dang shame, yo.