After spending most of the early part of my Monday in airplanes and airports, I finally arrived in Las Vegas, Nevada from Burlington, Vermont. I was astonished to see just how different Vegas looked compared to Burlington and I was very excited to explore the conference and learn from the classes there.
I met up with my fellow classmates in the Expo room before the keynote speaker. We walked around to some of the different booths and got to learn about some of the up and coming technologies companies like Oxygen and Magnet Forensics are bringing to the table. After looking through a couple of the booths it was time for the keynote speaker. The keynote speaker was Victor Limongelli, the President and CEO of Guidance Software. He talked to us about how we are in trouble with how much data creation and device ownership is expanding. He said that we need a response to this. He then segued into introducing us to a great new feature EnCase 8 will have. The new feature is Linked Review, which allows for investigators to go through documents and mark paragraphs as reviewed. Once they mark a paragraph as important to their case, EnCase will find all the other instances of the paragraph and only show you the data that you haven’t reviewed yet. This cuts down on a lot of time, and I believe will be a great feature to have in the digital forensics world. There was a live demonstration on how this feature works and a little sneak peak at how EnCase 8 will operate.
After the Keynote, I had my first CEIC Conference class. I attended “Examining Volume Shadow Copies: The Easy Way.” I chose this class as I am working on a research project involving Volume Shadow Copies. The instructor, Simon Key, demonstrated why Volume Shadow Copies are so important and the struggles we are facing to analyze them. He showed us a couple ways of obtaining them from Windows 7 and an EnCase App that lets you do a specialized search on all volume shadow copies that are on an image. I think the app is really great for specialized searches as you do not have to grab all the data and search through it. The app makes searching through Volume Shadow Copies very simple and efficient.
I thoroughly enjoyed my first day at CEIC and can’t wait for the days to come.
Scott Barrett