4Cast Award Nominations

It’s that time of year again!

The nominations for the annual Forensic 4Cast Awards, held at the SANS DFIR Summit in Austin, Texas are open. It’s a great conference and I’m hoping to present there this year.

You can submit your nominations for the awards here.

You’re allowed to submit as many nominations as you’d like, and the top 3 in each category go into the final voting held in April. Voting closes end of March.

I thought I’d share my picks for this year. This is the order that the nominations submission page is in (it’s a little out of order compared to the announcement page)

Open Source Forensic Software of the Year

  • Anything by Eric Zimmerman pretty much – maybe we should hit him up for an overarching project name. I’ve tried to get him to call it ZWIFT (Zimmerman’s Windows Investigative Forensic Toolkit) but I don’t think he’s interested. EZWorks was also floated as a suggestion.
  • Autopsy has also made some great additions, and its capabilities have been greatly expanded through the work of Mark Mckinnon
  • Regripper is still my go to for quick registry parsing so it’s worthy of a nomination.
  • Volatility for memory forensics goodness.

Digital Forensic Blog of the Year
Obviously, I’m going to promote my own first, but there are others that are also deserving of nominations.

  • This week in 4n6 – a given (I can’t not right)
  • Magnet Forensics blog – Regularly posts great content (as well as notification of whitepapers, software updates, webinars etc)
  • ElcomSoft blog – Also regularly puts out great content, mainly surrounding mobile devices.
  • Digital Forensic Survival Podcast – Not a blog, technically, let’s call it an audio blog. Michael has been very consistently putting out an episode of DFSP for the last two years.  (PS: If everyone keeps producing their audio content we may even get the podcast category back next year)

Phone Forensic Hardware of the Year
I haven’t really played around with much in this space so I don’t really have a nomination.

  • Cellebrite’s UFED2 is most probably up there
  • There was even a new IP Box that was around for a month or so last year. It was very short lived and apparently doesn’t work any more
  • Paper clips continue to be useful…Sorry, Lee.

Computer Forensic Software of the Year
If they all get nominated I’m not sure which one I’d vote for.

  • Xways – the more I use it the more I like it. Definitely helps having done the X-ways Training course, and Brett’s online course.
  • IEF/AXIOM – IEF is crucial to internet evidence examinations. Axiom’s new features are very interesting and worth further exploration.
  • Recon Imager – Sumuri released their imaging tool, providing an alternative to Macquisition for Mac imaging.

Digital Forensic Book of the Year
Don’t think I bought any books last year but Oleg suggested a few that were released.

Computer Forensic Hardware of the Year
I can probably find something to go with but I haven’t had much experience with any hardware released this last year.

  • The Tableau TX1 was released but I haven’t really played with it. It does look like a good update for the TD3 duplicator (although it would be great if it had an attachable battery, and also pass-through-write-blocking for triage purposes)
  • Atola Insight – Very useful imaging tool; and they constantly put out how-tos on their blog

Phone Forensic Software of the Year

  • UFED Physical Analyser
  • Magnet Axiom/IEF

Digital Forensics Resource of the Year

  • AboutDFIR – Huge compendium of knowledge
  • DFIR.Training – Another huge compendium of knowledge (second does not mean nominated second, both compendiums are great and contain complementary information)
  • Forensic Focus – I say this goes in resources because I find the main utility of the site is the forum. There is also a blog, and it has won blog of the year two years running. I don’t want to disparage the blog, but I do wonder how many votes went to the website as a whole compared with just the blog component.
  • I’m not sure if This Week In 4n6 should go in here too. Although I think I’ve got a better shot at blog of the year as opposed to competing with Brett and Devon.
  • Forensic Lunch – Always good information here, on average twice a month.

Digital Forensic Organisation of the Year

  • SANS
  • Magnet Forensics
  • Both are responsible for a lot of good quality content
  • Sumuri – for getting out ahead of the APFS problem

Digital Forensic Investigator of the Year
I would like to nominate a number of the people that I work with for doing great work that won’t really get the chance to be recognised by the DF community. This is always a difficult nomination because there are a lot of great examiners out there that aren’t interested in being public, or aren’t allowed to; which means this spot goes to the people that are public, proficient at their work, and give back to the community.

  • David Cowen – Forensic Lunch and Test Kitchen
  • Brett Shavers – all of his case studies and the courses that he’s released (and continually puts them on sale). And also taking over DFIR.Training.
  • Devon Ackerman & Mary Ellen Kennel – running AboutDFIR.
  • DFIR Batman – so he has to come and collect his award, preferably dressed as Batman…oh and DFIR.Training.
  • Jessica Hyde – She’s great and works obsessively on DFIR problems – both her own and for others.

Obviously, your nominations may be different, or you may think I should suggest nominating others. The best way to get into the awards is to nominate yourself and find a way to encourage others around you to do the same. Lee has explained that if you don’t get nominated that has nothing to do with him.

Good luck to all of those nominated!

2 comments

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s