July 2019
Mon Tue Wed Thu Fri Sat Sun
































Upcoming Events

Simplepie detected an error. Please run the compatibility utility.
The following Simplepie error occurred:
A feed could not be found at http://www.google.com/calendar/feeds/htciaontario%40gmail.com/public/full?futureevents=true&sortorder=ascending&orderby=starttime&singleevents=true&hl=en-GB&ctz=America/Toronto&max-results=5
Open Source Digital Forensic - Online Session this Thursday PDF Print E-mail
Tuesday, 16 October 2012 18:57

Greeting HTCIA Ontario Chapter Members,

On Thursday 18 October 2012 at 8 pm EDT, Harlan CarveyJoachim MetzDarren Bilby and Mike Wilkinson, the authors of a few new tools that were released at the 'Open Source Digital Forensic' conference last month, will demo and talk about their creations.

Harlan - Forensic Scanner
Harlan has had the idea for forensic scanner for quite a few years, I remember reading about something like it in one of his early books. This tool is all about automation, getting the information you need all the time, in a simple manner. The other significant feature is that through the use of plugins you are automatically creating a knowledge management system, Harlan always has great ideas in this area and I will let him fill you in on the details.

Joachim - libyal
Anyone who has used linux as a forensics platform would have used one of Joachim's tools, most likely libewf, however you probably do not realize just how much he has contributed. Joachim has released so many libraries that google thought he was a bot and blocked his account for a bit! He has now created a new repository for all his efforts, Yet Another Library (libyal). For this session he will be demoing libvshadow and libevtx and giving an overview of some of his other projects.

Darren - GRR
I first heard about GRR at DFRWS last year, it sounded like a great tool then and I am excited to see it is now in alpha testing. GRR has been developed by a bunch of googlers to manage their internal incident response. It works by installing a small agent on client systems which collect and send data back to the management/analysis system. You can read more about it on the site, but this looks like a really powerful tool. (Darren also gets extra kudos for joining in from Zurich where it will be the middle of the night).

TAPEWORM is a joint project between the Leahy Center for Digital Investigation at Champlain College and TASC. It is the brainchild of Doug Koster and aims to automate the preprocessing of a hard drive image. It automates the execution of a number of open source tools, including volatility, log2timeline, the sleuthkit, regripper, exitfool and includes a "find the evidence" function that will find files of interest to the investigation.

This is a great chance to learn about some powerful free tools directly from the developers.

For more details and instructions on joining in go here:  http://www.writeblocked.org/index.php/dfironline.html

REMINDER: 2013 HTCIA Ontario Chapter Executive Committee nomination:

The High Technology Crime Investigation Association is designed to encourage, promote, aid and effect the voluntary interchange of data, information, experience, ideas and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies among its membership.

The nomination process is now open and will run until the end of October 18.

Scott Graham will be the incoming president and the available positions are as follows:

1st VP: enlists speakers, helps to organize each technical meeting, sits in on International conference calls, attends the 2013 International Conference with partial support from the local chapter. This is a 2 year commitment as you will become the 2014 President.

2nd VP: finds sites and rooms for the technical meetings and the social events, handles technology issues for the meetings

Secretary: sends out meeting announcements and meeting "summaries", organizes the membership list

Treasurer: handles money (US and CAN)

Please consider running. It promises to be an interesting year, with progress being made on Webex-like meeting presentations, student chapters, and other issues. 

It would be good to have a mix of LEOs, enterprise types, private consultants, and even academics.

If you have any questions about duties or workload, please send an e-mail to Scott Graham ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it )

The new executive will be voted in during the October meeting.


2012 HTCIA Ontario Chapter Executive Committee

Ben Whittaker -- President
G. Scott Graham -- 1st VP
Matthew Ross -- 2nd VP
Eugene Silva -- Secretary
Neal Greenberg -- Treasurer


Last Updated on Tuesday, 16 October 2012 19:12

Please log in to post comments

Copyright © 2019 htciaontario.org. All Rights Reserved.