int for(ensic){blog;}

In the course of time I found different tools to order event records differently. The Windows Event Viewer, for example, exports records from the highest to the lowest EventRecordID. My own tool parses an EVTX file from its beginning to its end and emits event records as they appear in the file. In most cases this will be in the opposite direction, from the lowest to the highest EventRecordID. But to make things worse, logs can be configured to wrap around, so the record with the lowest number may be found somewhere in the middle. A tool to sort event records in XML format by their EventRecordID would come in handy!

By Andreas Schuster at 02/08/2010, 04:00 PM | Permalink

Version 1.0.2 of the perl Evtx Parser library is now publicly available. This version fixes some bugs and introduces some small changes to the parser's architecture.

By Andreas Schuster at 02/04/2010, 04:00 PM | Permalink

On April 19 and 20, 2010 SANS will held their European Community Digital Forensics and Incident Response Summit in London, UK. Check out the agenda, there will be lots of interesting keynotes and briefings. I'm excited to announce that I will present on the native format of Windows Event Logs on the second day.

By Andreas Schuster at 02/01/2010, 04:00 PM | Permalink

Two years ago I released the first version of a parser for the binary, XMl-based event log file format of Windows Vista. During the last weeks I finally received some bug reports and feature requests. I'm excited to release an improved version just in time for Christmas.

By Andreas Schuster at 12/22/2009, 04:00 PM | Permalink

The 4^th International Workshop on Computational Forensics (IWCF) will held in Tokyo on November 11 and 12, 2010. The workshop does not just focus on computer forensics, but computational forensics, which according to the organizers is "the hypothesis-driven investigation of a specific forensic problem using computers".

The preliminary Call for Papers has been posted. Submissions are due June 25, 2010. Please see the conference website for further details.

By Andreas Schuster at 11/04/2009, 04:00 PM | Permalink

Cybex has published the November 2009 issue of their e-Newsletter on the Fight Against Cybercrime (ENAC). The newsletter covers various organizational, legal and technical aspects of Cybercrime and countermeasures.

In the technical section of this issue Juan Carlos Ruiloba Castilla (Policía Judicial de Barcelona, Spain) discusses fast-flux networks.

By Andreas Schuster at 11/03/2009, 04:00 PM | Permalink

The next Digital Forensic Research Conference (DFRWS) will held from August 2 to 4, 2010 in Portland, Oregon. Ten years ago, DFRWS started as a workshop and over the years evolved into a conference, that brings together researchers and practitioners from authorities and the private sector.

Let's celebrate the 10^th anniversary with a stream of top-notch papers. The call for papers is open, papers are due February 28, 2010.

By Andreas Schuster at 10/15/2009, 04:00 PM | Permalink

AAron Walters is planning an Open Memory Forensics Workshop (OMFW) for 2010. If you're into memory analysis, attending this workshop is a must! Please contact AAron for further details.
(via Jamie Levy)

By Andreas Schuster at 10/14/2009, 04:00 PM | Permalink