Tuesday, June 3, 2008

The Tech at TechnoSecurity

Here's a few of the things I took a look at when the exhibit hall was open at the conference..

P2P Marshal was released by Cyber Security Technologies. You may have heard of this tool under a different name File Marshal. Anyways there's a free download available of P2P marshal here . It's being marketed as a tool to investigate peer to peer file sharing use. I know the developers behind the tool and I'm glad it was finally released. Great work! I've got a copy that I'll be playing with shortly. I can't wait to try it over an F-response connection

WetStone showed a VERY BETA copy of Livewire Investigator 4. It's a marked improvement over the older product. Much cleaner with some interesting features. I wouldn't jump on board with this tool at this time. They had to rush to get something they could show at the conference. They're also beta testing a U3 device analysis tool. If you're gov't or LE and are interested, shoot them an inquiry message.

Paraben was showing off their CSI stick which is very cool if you haven't checked it out already. They'll also be hosting a conference in Utah from Nov. 9-12 this year.

Tableau will be releasing a drive copier/eraser device. The guy I talked to suggested a 6GB/min throughput for SATA/SATA but said they'll see how that actually turns out. This device is due out in August. Price point should be under $3k.

Vantos has a somewhat interesting workflow/playbook based appliance used in automating Incident Response across multiple parties such as LE,Legal,Risk Management etc. Basically anyone involved in a case. Looks very bulky but kind of interesting. I did not get a price, nor did I ask.

I finally got a preview of HBGary's Responder tool. The tool looks very interesting. I'm a bit perturbed by the Guidance partnership, but at least Responder Pro will still be sold as it's own product.

Forensic Computers has migrated to the Cooler Master Cosmos case. If you haven't seen this case yet, you've got to check it out. It's a fantastic design and is great for a forensics machine.

I'm not a mobile device examiner so I pretty much stayed away from the booths selling the related products. It's such a specialty that quite frankly it's probably cheaper for most people to subcontract or hire out a specialist when confronted with mobile devices. It's a hardware nightmare.

Techno Security was a good conference, it was good to meet some great people who work all sides of the industry. Some talks were fantastic while some were simply sales pitches. I had hoped to meet Richard Bejtlich down here but maybe some other time. It was disheartening to hear about the Michigan decision to force PI licensing, especially after meeting those directly affected by this decision. That's about it for TechnoSecurity 2008 for me.

EDIT: Clarification on the Wetstone U3 tool. This tool is based on a U3 device that gets plugged in to a suspect machine. It will collect volatile data. Sounds a little like COFEE and USB hacksaw in one.


Mark McKinnon said...

Yes it does suck to be in Michigan now. I left a message with the State licensing board to find out when the new application would be available and the timeline for when the new law would take effect (some PI's are saying immediatly, which they would say that) but have not received a call back. I will make my daily call to them to see if they will talk to me.

MattC said...

Hogfly - thanks for the reviews posted the last couple of days. Very interesting for those of us that didn't make the conference.

LegalEvangeline said...

so i am a newbie to forensics and i read your bog all of the time.

some interesting info came across my desk today regarding Guidance Software and their internal eoe practices and their inability to respond to a pending litigation. the link to the docs are posted here:

and here:

and the jams request for ruling is posted here:

i met a few of the hbgary people at ceic and i can't pretend to know what they do, but they might run from Guidance when the criminal charges hit the founder and the executives.


Keydet89 said...

I'm a bit perturbed by the Guidance partnership,...

In your mind, what's the issue? Wouldn't partnerships make sense? Partnerships can drive sales, or at least open the avenues for such things. From there, more sales can lead to a more refined product.

Of course, if you don't agree, you can always vote with your wallet. =)

hogfly said...

I've shared my concerns with the HBgary folks. It's not the fact that a partnership exists. I think partnerships are a good thing. It's the company they partnered with that I don't care for. The good news as I said is that I and others can still buy responder from HBgary rather than GSI.

hogfly said...

Thanks for reading and thanks for the links to the documents. Very interesting stuff. The details are nothing short of alarming.