Learn to think like a spy! Many shops use journaling for a variety of reasons, but may not be familiar with how to use these journals for forensic purposes. Mining your journals for the who, what, when, where, how - and sometimes even why - can be very useful, not to mention fun! Come join us for a lighthearted and entertaining "Mission: Impossible" themed look at one of the most useful things you can do with your journals. This session will introduce journaling concepts and share tuning tips to optimize your journal environment for forensics. After reviewing the "old fashioned" way to dig into your journals, we will demonstrate how much easier this is with the right tools. The DMPJRN and CVTJRNDTA commands used in this presentation will be made available as a free download to all attendees, including source code!
Learning Objectives - After participating in this session, attendees should have the skills and tools to:
- Optimize your journal environment to maximize the forensic information available to you
- Understand what your journals are trying to tell you, and how to interrogate them to get the answers you need
- Dump your journals quickly and easily using the free software made available
- Interpret the content of your journals to determine what really happened to your data
- Use the techniques demonstrated in the provided source code to develop your own tools
- Save the world from evil-doers
Anyone who would like to better understand how to maximize their journaling environment to make use of forensic data would benefit from this session. If you've ever needed to figure out how something happened to your data, if you like playing detective, if you enjoy building tools to make your job easier, then please join us!