If you haven’t heard of Community SANS courses before, I encourage you to have a look at this new format (new outside the US, where it’s been running for years). This is a great way of bringing the popular SANS courses to your local security community at a reasonable cost, especially for those that can’t attend the major events.  It’s worth mentioning that unlike the SANS Mentor  sessions, these are delivered over a six-day period, just like it is at a larger SANS event, including the full set of books and access to audio files. They are just delivered in your own community, in a small classroom setting and at a discounted cost for tuition and travel expenses.

I’ve already described my experience with SANS, both as student and facilitator, so I won’t go over that again. Also, you can find a further detailed description of the Security 503 track on SANS website, an outstanding course that I’ve already described as the “most valuable course I’ve ever taken”. However, I want you to listen to Mike Poor, instructor at the SANS Institute and co-author of this course (along with Judy Novak and Guy Bruneau), describing it on YouTube. Mike Poor is both an amazing professional and a great guy that I had the opportunity to meet at SANS Sydney in 2008, when I took his Penetration Testing class. As Mike would say, this IDS course is simply “awesome”!

Whatever you did, and despite the amount of money you spent, one thing is for sure: if you are reading this it’s safe to assume that you are still interested in reading about good infosec stuff, aren’t you?

Keep reading then and have a look at the following links containing a few interesting security tools, new forensic challenges and even a new Multi-Boot Security Live DVD:

• DFRWS 2008 Rodeo (forensic challenge): The 8th annual Digital Forensic Research Conference was held from August 11 to 13, 2008 in Baltimore, MD. A key element of this conference is the “forensic rodeo”, a challenge where conference attendees form teams to solve a digital forensic problem. The DRFWS has made the materials for the 2008 Forensic Rodeo available on their website for educational purposes and to support further research in memory analysis and file carving. The scenario description and the image files can be downloaded http://www.dfrws.org/2008/rodeo.shtml
• The Open Computer Forensics Architecture (OCFA): OCFA is a modular computer forensic framework developed by the Dutch National Policy Agency meant to be used in large investigations. If you want to give a try you can download the required packages from their main site: http://ocfa.sourceforge.net/
• Splunk: Splunk is a log archiving product that allows to search, navigate, alert and report on all logs in real time. Plus it’s free and available for all platforms on http://www.splunk.com/download
• Multi-Boot Security LiveCD DVD: A new all-in-one multipurpose LiveDVD that combines some of the very popular LiveCD ISOs already available on the Internet:
  • Backtrack 3
  • Damn Small Linux 4.2.5
  • Knoppix 5.1.1
  • Ophcrack 1.2.2 (with 720 mb tables)
  • Puppy Linux 3.01
  • and a few more…

I’m currently downloading the 4GB MultiISO .torrent file and will it give a try soon. Shame that Helix is not part of the DVD, but still looks like a handy tool to have in your Incident Response jump bag.

Enjoy and good luck with you holiday blues!