Comments on Forensic Incident Response: Review - Windows Forensic Analysis
Blog author: hogfly
Feed updated: 2023-04-02T10:17:04.631-04:00

H. Carvey, 2007-07-06T15:20:00.000-04:00

> that's taking my comment out of context. I said a lot more than that.

Right, I'll give you that, but you did say, "...I was perhaps the most disappointed by this chapter."

I'm not sure how to take that out of context, particularly after you said *why* you were disappointed.

> I can't give a specific scenario at this time, but I'd be happy to contribute one

hogfly, 2007-06-27T10:58:00.000-04:00

Oh come on, that's taking my comment out of context. I said a lot more than that. I can't give a specific scenario at this time, but I'd be happy to contribute one if you gave me parameters of what you need.

H. Carvey, 2007-06-27T06:22:00.000-04:00

> ...can't give a specific example...

Interesting.

I guess sometimes one simply doesn't need all of the data points...

Again, sorry to disappoint.

hogfly, 2007-06-24T10:18:00.000-04:00

I wouldn't be sorry. The book was great.
I can't give a specific example but something to the effect of taking what you talked about in chapter 1 - using tools XYZ to collect information about the system (Who's logged on, what services are running, what ports are open etc) and then paint a more complete picture of the event. Even if you just took the example of using FRUC/FSP and used

H. Carvey, 2007-06-24T06:39:00.000-04:00

Hogfly,

Thanks for the review!

> ...I was perhaps the most disappointed by this chapter

Sorry about that. Do you have an example of what it is you're looking for? For example, when you say, "...where multiple disparate volatile data sources are pulled together...", do you have some thoughts on an example or two?

Thanks,

Harlan