While it has been some time since I last wrote, I’ve kept myself occupied! Here are a handful of selected highlights from my last couple of months.

Forensic 4:cast Awards Nomination

As a newcomer, it’s awesome that so many of you helped nominate me for the Forensic 4:cast Awards’ DFIR Newcomer of the Year. I look forward to finally meeting many of you in person at the SANS DFIR Summit in Austin, TX! It’ll be my first large DFIR event!

HTCIA Silicon Valley Chapter Challenge Coin

In 2022, I submitted a challenge coin design for the HTCIA Northern California Chapter and it was selected by the members. The coin features a retro/tech theme with the California Grizzly Bear in the valley and Mount Shasta in the background – a prominent landmark in California. The coins came out fantastic!

I was inspired to submit another design for the Silicon Valley Chapter. That was also selected. It may be a few more months before the coins are manufactured, but I look forward to sharing the design when they are.

Learning Python

After my mini-adventure with bash, I decided to get a little more serious about learning Python. Fortunately, I don’t have to do it alone. I can learn with the DFIR Python Study Group facilitated by Alexis Brignoni! Using the syllabus as a guide, I’ve worked through the first two classes. Learning about Python’s standard library already has me feeling pretty good. I don’t have a study regimen right now, but I have the book on my desk to pick up where I left off when the opportunity arises.

SANS FOR585

For the last couple of years, I’ve been collaborating with the team at work to mature our process for collecting mobile phones and performing analysis. To get myself started, I referenced several books: Mobile Forensic Investigations by Lee Reiber; Practical Mobile Forensics by Rohit Tamma, Oleg Skulkin, Heather Mahalik and Satish Bommisetty; and iOS Forensics for Investigators by Gianluca Tiepolo. While I have yet to make notes in it, I also have Oleg Afonin and Vladimir Katalov’s book, Mobile Forensics – Advanced Investigative Strategies. The team has made quite a lot of progress. I believe that, in recognition of that progress and as an investment in my skills and knowledge, my employer sponsored my enrollment in FOR585: Smartphone Forensic Analysis In-Depth. This will be my primary focus for the next few months.

Exploring Data Erasure

In Scott Moulton’s class on forensic hard drive data recovery, one of the myths he covers is, “You need a special program to wipe a hard drive”. Moulton states that this is false. Since 2001, a hard drive’s controller board has supported a specific ATA command, Secure Erase, that is already built in. An enhanced version was implemented after 2004. These built-in ATA commands are available for both HDDs and SSDs. For SSDs using the NVM Express (NVMe) specification, data erasure matured significantly in 2017.

Erasing SATA Drives by using the Linux hdparm Utility
Secure wipe an SSD with its built-in commands
Major New Features in NVM 1.3, Sanitize
Verifying SSD Sanitization

Any Linux distribution with hdparm or nvme-cli can issue the necessary commands. Conveniently, CAINE 13 has both: hdparm (v9.6) and nvme-cli (v1.16-3).
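As an added example (not from the post, and not part of hdparm or nvme-cli), the shell functions below run the pre-flight checks a practitioner would want before issuing either tool’s erase command: parse the Security section that hdparm -I prints to confirm a SATA drive advertises Secure Erase and is neither locked nor frozen, and decode the SANICAP field that nvme id-ctrl prints (NVMe 1.3 Sanitize) to see which sanitize operations the controller supports. Both sample outputs are constructed and stand in for the real tool output.

```shell
#!/bin/sh
# Constructed sample of the Security section from `hdparm -I /dev/sdX`
# (assumption: real spacing varies by hdparm version; only these lines are inspected).
SAMPLE_HDPARM='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'

# Same sample with the drive in the frozen state (BIOS/kernel froze security commands).
SAMPLE_FROZEN=$(printf '%s\n' "$SAMPLE_HDPARM" | sed 's/not[[:space:]]*frozen/        frozen/')

# Constructed sample of the sanicap line from `nvme id-ctrl /dev/nvmeX`.
SAMPLE_NVME='sanicap   : 0x3'

# Reads hdparm -I text on stdin. Prints "ready-enhanced" or "ready" and returns 0
# when Secure Erase can be issued; otherwise prints the blocking reason and returns 1.
ata_erase_ready() {
  text=$(cat)
  printf '%s\n' "$text" | grep -q '^[[:space:]]*supported$' \
    || { echo "no-security-feature"; return 1; }
  printf '%s\n' "$text" | grep -q 'not[[:space:]]*frozen' || { echo "frozen"; return 1; }
  printf '%s\n' "$text" | grep -q 'not[[:space:]]*locked' || { echo "locked"; return 1; }
  if printf '%s\n' "$text" | grep -q 'supported: enhanced erase'; then
    echo "ready-enhanced"
  else
    echo "ready"
  fi
}

# Decodes a SANICAP value (NVMe 1.3): bit 0 crypto erase, bit 1 block erase,
# bit 2 overwrite. Prints the supported operations or "none".
nvme_sanitize_caps() {
  v=$(( $1 ))
  caps=""
  [ $(( v & 1 )) -ne 0 ] && caps="$caps crypto-erase"
  [ $(( v & 2 )) -ne 0 ] && caps="$caps block-erase"
  [ $(( v & 4 )) -ne 0 ] && caps="$caps overwrite"
  caps="${caps# }"
  printf '%s\n' "${caps:-none}"
}

# Usage on the constructed samples (on a live system, pipe the tools' output instead).
printf '%s\n' "$SAMPLE_HDPARM" | ata_erase_ready
nvme_sanitize_caps "${SAMPLE_NVME##*:}"
```

A frozen drive is the common blocker in practice; the check reports it so you can investigate before attempting the erase rather than getting an error from the drive.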

WiebeTech’s NVMe Drive eRazer and Drive eRazer Ultra are capable of producing reports about the erasure process. MediaClone and Atola are additional examples that can also wipe NVMe drives and other drives using the ATA standard.

After reading Ben Rothke’s review, I picked up Net Zeros and Ones: How Data Erasure Promotes Sustainability, Privacy, and Security by Richard Stiennon, Russ B. Ernst and Fredrik Forslund. While it appears to lack any specific technical details on wiping a drive and validating the result, it may be a fair overview of the regulatory requirements and policies to consider when implementing a data sanitization program.

I’m still reading my way through the book, but I found it odd that Chapter 2, “Where Are We, and How Did We Get Here?”, does not mention Dr. Gordon Hughes – a developer of the secure erase system. A search of my entire copy of the eBook does not mention Hughes at all.

For good measure, I also have a copy of Best Practices for the Destruction of Digital Data by Ryk Edelstein and Gordon Hughes.

Chickens

While my primary intent in keeping chickens is fresh eggs, I have come to enjoy it as a hobby. I don’t even make it a point to cull the egg layers that no longer produce, despite the feed-to-egg ratio becoming disadvantageous. Many have lived between 5 and 8 years.

I’ve lost many of these older birds, including some of the younger egg layers, to predators. I also lost a handful of young Buff Orpingtons to a heat wave a couple years ago.

Ordinarily, I have a flock of about 10-15, but I was down to two this year. Three if I count my neighbor’s rooster. In March, I picked up 13 chicks. I expect them to start laying in August.

The occasional visitor is an Old English Game Bantam.

TOTK

Since its release on 2023-05-12, I’ve also been playing The Legend of Zelda: Tears of the Kingdom.

3 responses to “DFIR (Mostly) Updates”

  1. […] Derek Eiri – DFIR (Mostly) Updates […]

  2. […] Writing that post vastly improved my understanding of NVMe drives, including features like sanitation. I continued to explore this area by retrieving SMART information before and after imaging a drive […]

  3. […] kept up with the rapid changes and their breadth of knowledge in mobile forensics. I started with several books on mobile forensics which helped me contribute to the maturation of the process to collect data from iOS devices and […]