Time is an important aspect of Network Security Monitoring. If you don’t pay close attention to the time shown in your evidence, and recognize what it means, it’s possible you could misinterpret the values you see. My students and I encountered this issue in TCP/IP Weapons School at Black Hat this week. Let’s look at the first ICMP packet in one of our labs. I’m going to show the output …

Amazon.com just published by two star review of Digital Forensics for Network, Internet, and Cloud Computing by Terrence V. Lillard and company. From the review : Digital Forensics for Network, Internet, and Cloud Computing (DFFNIACC) is one of the worst books I’ve read in the last few years. You may wonder why I bothered reading a two star book. Blame a flight from the east coast to Las Vegas and not much else to read during those five…

Amazon.com just published my three star review of Virtualization and Forensics by Dianne Barrett and Gregory Kipper. From the review : “Virtualization and Forensics” (VAF) offers “a digital forensic investigator’s guide to virtual environments” as its subtitle. Eric Cole’s introduction says “How do we analyze the [virtual] systems forensically since standard methods no longer work? Let me introduce a key piece of research and literature, VAF.” I disagree with Eric’s claim: I did not find VAF to be a compelling resource for forensic investigators of virtual environments. If an author writes a book on virtual…

Amazon.com just published my two star review of Digital Triage Forensics: Processing the Digital Crime Scene by Stephen Pearson and Richard Watson. From the review : I have to preface this review by saying my criticism of this book should not be taken as criticism of the brave men and women who put their lives on the line fighting for our freedom in Southwest Asia (SWA). I’m reviewing the book “Digital Triage Forensics” (DTF), not the people who wrote it or the people who rely…

It’s clear to me that Dell needs a Product Security Incident Response Team, or PSIRT . Their response to the malware shipping with R410 replacement motherboards is not what I would like to see from a company of their size and stature. Take a look at this Dell Community thread to see what I mean. It’s almost comical. These are a few problems I see: They are informing the public of this malware problem using phone calls, not a posting on a Web site. A customer thinks he’s …

Amazon.com just posted my three star review of The Watchman by Jonathan Littman. From the review : The Watchman by Jonathan Littman is a tough book to review. The author states that he started writing a book about Kevin Poulsen (The Watchman), then delayed that project to write a book about Kevin Mitnick (The Fugitive Game, or TFG). After finishing TFG, the author returned …

Amazon.com just posted my four star review of The Fugitive Game by Jonathan Littman. From the review : “The Fugitive Game” (TFG) recounts author Jonathan Littman’s discussions with Kevin Mitnick, largely while the latter evaded authorities in the mid-1990s. This book is unlike others about Kevin, because the author describes multiple lengthy telephone conversations. As much as one can trust the author to reproduce them faithfully, these exchanges provide insights into Kevin’s thoughts and feelings regarding his position as the so-called “greatest computer criminal in the world,” according to dubious New York Times reporting. Copyright 2003-2010 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Amazon.com just posted my four star review of At Large by David H. Freedman and Charles C. Mann. From the review : “At Large” is a “hacking” book published during the mid-1990s, but it doesn’t address the characters usually considered to be the “stars” of that era. Rather, At Large tells the tale of a single-minded and possibly mentally-challenged intruder who infiltrated a large number of sensitive US networks. While I didn’t

Amazon.com just posted my five star review of The Cuckoo’s Egg by Cliff Stoll. From the review : Cliff Stoll’s “The Cuckoo’s Egg” (TCE) is the best real-life digital incident detection and response book ever written. I know something about this topic; I’ve written books on the subject and have taught thousands of students since 2000. I’ve done detection and IR since 1998, starting in the military, then as a consultant and defense contractor, and now as director of IR for a Fortune 5 company. If you’re not an incident detector/responder, you’re probably going to read TCE as a general enthusiast or maybe an IT professional. You’ll like the book. If you’re a security professional, you’ll love it. Copyright 2003-2010 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Amazon.com just posted my four star review of Code Version 2.0 by Lawrence Lessig. From the review : Code Version 2.0 (CV2) is a compelling and insightful book. Author Lawrence Lessig is a very deep thinker who presents arguments in a complete and methodical manner. I accept his thesis that “cyberspace” has abandoned its tradition as an ungovernable, anonymous playground and risks becoming the most regulated and “regulable” “place” in …