Wednesday, August 18, 2010

Want to learn Python....for free?

It's been more than a few years since I took my programming classes and to be honest, it's difficult to keep a skill unless you use it often.  So I decided I'd like to take a programming class and took a close look at Python and Perl.  Has anyone tried to find a good post-secondary class in either language??  Didn't go well.

I persisted in my search and believe I've found a fantastic opportunity...and it's free!!!  You may ask "Yeah, but how good can a free class in programming really be??".  Well, I'll answer that in three letters - M.I.T.

That's right, MIT offers several courses under their MIT OpenCourseWare program, from courses in Aeronautics and Astronautics, to Writing and Humanistic Studies.  Of course, they have several courses under the area "Electrical Engineering and Computer Science."  Take, for instance, the course "Introduction to Computer Science and Programming - Course #6.00".  The course includes full video of classroom lectures, assignments, exams, solutions - they even have transcripts of the classroom lectures.  You can also download everything so you can study offline if necessary.  Did I mention that it's free?  How about a course specifically in Python - as taught in January, 2010 - A Gentle Introduction to Programming Using Python - Course #6.189.  There are classes in Java, C++, and numerous other areas.

Their Privacy and Terms of Use and information about the Creative Commons licence can be found here.

Monday, August 2, 2010

"The Missing Link" in my computer forensic training.....Network Forensics!

Over the years, I've taken several classes in computer forensics (vendor specific and neutral), information security and networks. Back in April, I realized what was missing - specific training in acquiring and analyzing network-based evidence in a methodical and reproducible format.  Oh sure, I've used many of the current network tools, but I've always wondered if there was a better way to collect the evidence.  That's when a colleague of mine pointed out a new training course, specifically aimed at meeting this need; and perhaps completing my "Circle of Forensics".

In July, 2010 I had the privilege of attending the new Network Forensics Course - Forensics 558 being offered by the SANS Institute (Washington, DC).  The instructors were Jonathan Ham (co-author of the course) and Alan Ptak, who provided outstanding training over the 5-day course.  I can tell you, it was very different than my previous training in "traditional forensics".  For over a year now, we've been preparing, training and researching various techniques for acquiring targeted data in a scenario which required us to specifically target and forensically acquire the data which will/would form our evidence (and ensure we do not miss anything, overtly or covertly).  In this day and age of TB-sized hard drives, FDE, volatile data, etc., the move to identify and target key evidentiary information is needed.  Jonathan and Alan's training not only identified key areas to focus on, but several techniques on how to acquire and analyze this information in a more forensically-sound manner.  The course requires a "moderate" degree of Linux familiarity; the instructors' exceptional knowledge and instructional technique more than made up for it if someone was a little weak in any area.

One point worth mentioning.  While SANS appears to offer laptops on some courses, I have to say that the pre-loaded laptop provided on this course was a good move.  The SNIFT kit had been preloaded onto the laptop and for five straight days, I never heard a single complaint of "something not working", "hardware issues", "I don't have that version", etc.  The laptop had a 250GB hard drive, with VM Workstation and several pre-configured VM sessions (which were essential to the course).   If anyone from SANS reads this - good call!  The hardware (Lenovo S10-3) and software (SNIFT Kit) worked - each and every time.  (if it didn't, it was likely my fault :)

From hearing the various instructors and others speaking during the Summit and Network Forensics course, it appears that SANS has found another niche with a huge demand.  It was an expensive trip - but all in all, very well worth the high quality training.

P.S. The presentation from Chris Pogue on Sniper Forensics was awesome and, coincidentally, complemented the training provided by Jonathan.  If you ever get to attend this presentation by Chris, don't pass on the opportunity.

In terms of identifying information "to be sniped" from within a larger system, I see a huge need for someone to lead discussion in this area.  It will be necessary to qualify the type of investigation, type of guest/target systems and OS, type of forensics system/tools available, criminal/non-criminal, etc.  The biggest problem I see is that discussions in this area focus on EITHER network/volatile-based evidence, or that normally acquired through "traditional" hard-drive forensics.  We need a discussion which includes all areas of forensics.