Well, it's done!! Special Agent Allyn Lynd and I delivered a well-attended (350+.....people were getting turned away due to fire code issues) session on Implementing the Fundamental Computer Investigation Guide for Windows, followed by a podcast interview with Kevin Remde for TechNet Radio. We then rushed downstairs for our Interactive Theater session where we spent the entire hour doing Q&A with the audience on the Guide, best practices for investigations (along with a few investigatory nightmare anecdotes from the FBI), and generally had a terrific time engaging the IT Pro audience.
After that we enjoyed a lovely lunch at the "Tech-Ed Trough"........as I affectionately call it (seriously....ever seen 10,000 computer folks all eating lunch simultaneously? You get my point.) Then we headed over to the Virtual Tech-Ed recording studio where we shot some video for the Virtual Tech-Ed site (which you should totally check out if you are not here!). Agent Lynd had to have his face covered for obvious reasons. The interview went well and we discussed the key points of investigatory process. For those in the audience who wanted it to be more of a "How do I do computer forensics?" session, I apologize, but as I mentioned during the event.....you really need to get some specific forensics training, if you're going to do this regularly. (Besides, I've seen most of you in person....and you are probably NOT going to be working in a job like CSI:Miami where you get to hang out daily with forensics guru, Calleigh Duquesne. Nice try though.)
So what are the key steps? There are only four, so I can take the time to list them here. Calleigh would be so proud:
As always, remember, security needs to be seen as a "business enabler" and not a "business hurdle". Once you can start proving to management that by conducting a successful investigation, you saved the company $40 Million dollars in trade secrets that was on its way to your competitor, you'll find it easier to have the "why we need security budget" discussion going forward.
P.S. I know many of you are asking for links to the resources I had on my last slide today. I'll post those tomorrow!
UPDATED:
Hunter French just did a bang-up job summarizing the Interactive Theater session, so I wanted to redirect people to his blog for some great info. Thanks Hunter for the gracious write-up and capture of the audience Q&A and especially for hanging in there despite the crowded theater and the late presenter (me).