Friday, August 15, 2008

DFRWS2008

I have to say...I'm not an avid conference goer/crasher, but I have been to a few security conferences, starting with Usenix back in '00, and including BlackHat, DefCon (presented at DefCon 9), GMU/RCFG, etc. That said, by far, DFRWS is the best conference I've ever attended! Based on content, program structure, and attendees, this was hands-down THE best conference I've ever attended! The only reservation I have in saying that is that the OMFW was a workshop, but I would like to see it somehow either expanded in its own right, or included in the DFRWS conference.

Location, Venue - The conference location was great, and in this case, easy to get to as it was relatively close to my location, and to the airport. The facilities were great, and there were plenty of places to eat locally...although the food provided at the conference was really pretty good. Interestingly enough, when Cory and I checked in on Sunday, Otakon (anime conference) was just finishing up, so there were all these kids dressed up as anime cartoon characters...which was actually pretty funny. Cory posited that DFRWS was the second nerdiest conference in town, and I think he was right! Perhaps this was sort of the unintended entertainment for the computer nerds...

Speakers - The speakers were excellent all around, and the technical committee deserves a round of applause for being able to select the papers that were presented from the range of submissions. Of course, there were a couple of papers I was particularly interested in, such as Tim Morgan's paper on recovering deleted data from within Registry hive files. Also, the first keynote address by SA Ryan Moore, on network traffic analysis of compromised POS systems, was interesting...to hear that the USSS is involved in PCI-type engagements and to what degree.

Networking - One of the best things about conferences like this is that it draws folks from within the community that you hear about or hear from online, but don't actually get to meet face-to-face...until the conference. For example, I don't live too far from Richard of TaoSecurity, but we never cross paths, and got to chat for a few minutes at the conference. The same is true for folks like Moyix, Andreas, AAron, Brian, Eoghan, Michael and many others. In some cases, I've been under the impression that some folks were like unicorns...there were emails and blogs with their names on them, but few would admit to sightings, particularly while sober...and yet, there they were! Another great benefit of the conference was for folks like Tim and JT to meet up...they'd each been working on the same thing (i.e., deleted keys within Registry hive files) and neither knew that the other was working away! Having them collaborate can only be a good thing!

Forensics Rodeo - The Forensics Rodeo on Tues evening was a great time. I didn't participate, per se, although Cory did. I mostly wanted to watch and see how others go about their analysis when given materials/data, so I took notes and yelled out the instructions and questions to be answered across the table. In this case, each team was given a Windows memory dump and an image of a thumb drive, and a set of questions. Our team won...which is to say that Dr. Michael Cohen won, using Volatility and PyFlag, and the rest of us within the ECR (military acronym meaning the "effective casualty radius") won through proximity.

If I had one criticism about this event, it would be the fact that the Wharf Rat, the venue for the reception on Monday evening, was out of the one beer that I went there to try! The waitress said that the menu on the web site isn't kept up-to-date...for shame! How dare you play tricks on an old man!
