Many are probably wondering who I am and if this is worth their own time. My hope is that it will be! To start, I won’t go into my background too much…if you want to know it you’ll probably be able to ask around to put the pieces together. Also, I’m not the kind of person who thinks degrees and certs make the person. Do I have those? Yes, I do. We will leave it at that.
My first, and probably only, claim to fame within the community has been the GCFA gold paper I wrote: https://www.sans.org/reading-room/whitepapers/forensics/filesystem-timestamps-tick-36842. It was the first time I really branched out and it was very worthwhile. I would solicit everyone to do that deeper dive research to further the field. How did I come up with this? It really came to be that I just didn’t understand how timestamps would reflect if it was bouncing around a bunch of filesystems. And lo and behold, the paper wrote itself. Seriously…I had this thing written before I even submitted the idea to GIAC for the gold paper. That was just how easy it was!
That is my urge to you on this Sunday…find something you’re passionate about and start researching it! After speaking with many of our peers over the last weekend, I am going back to that paper and revising it. Namely to make it cleaner and much more visually friendly. So be on the lookout!