ITB DF/IR Tip Contest – Update

Posted in Uncategorized on December 5, 2009 by cutaway

Okay, the ITB DF/IR Tip Contest went off without a hitch. Well, actually there was one hitch. I have only found one entry. Harlan and I have been very busy generating content, getting ITB ready for the January release, and working our day jobs, but I did have time to search for entries using Twitter Search. I never found any hits with the #ITBTIP tag. But, before I jump to any conclusions, I am going to give you a week (till December 12, 2009) to point me to your DF/IR awareness tip. This tip must have been submitted during the contest timeframe. So, if you did submit a DF/IR awareness tip for the contest, please use the ITB Call Box and point us to your submittal. I will be glad to review your Twitter history, but please be sure to at least include a date and time to help narrow down the search.

Barring that, I guess the one submittal will be the best submitted (it is pretty good anyway). As to the one person who submitted the lone entry, he did so via the ITB Call Box, so you will just have to wait to see his entry. I would, however, like to thank him for participating.

Have a great holiday season,

Don C. Weber


ITB DF/IR Tip Contest

Posted in Information on November 5, 2009 by cutaway

To help raise awareness about Into The Boxes (ITB), digital forensics, and incident response, ITB will be holding a competition via Twitter. This contest will also help show the community how easy it is to collaborate and contribute to the ITB effort. The basis of this competition is Digital Forensic and Incident Response (DF/IR) tips that can be placed in the space allowed by the Twitter “What are you doing?” textbox. To help ITB Staff identify entries, each tip entry will need to start with “#ITBTIP: ”. This leaves each contestant 131 characters to work with when creating a DF/IR tip. Links are allowed but they will only be taken in context of the DF/IR tip and not followed. Here is an example:

#ITBTIP: Wipe drive with known pattern – # sudo dcfldd textpattern=IntoTheBoxes of=/dev/<drive>

Size doesn’t matter as long as the tip is less than or equal to 140 characters including the header.  Tips do not have to be technical.  DF/IR managerial statements are sometimes just as important as the data acquisition and analysis and are good for elevator/water cooler comments and are the basis for more in-depth recommendations that can be used in Lessons Learned and Final Reports stemming from an incident response effort.  Here is another example.

#ITBTIP: Centralized logging provides us valuable IT security information while reducing the cost required to review and alert on incidents.

All entries will be judged by the ITB staff. The results will be posted here and the top five will be included in the January 2010 release of ITB. Tips will also be reused, periodically, by ITB to promote DF/IR awareness. If you do not have a Twitter account but would still like to participate in the contest, just drop us your tip, which must still follow the contest guidelines, using the ITB Call Box.

This contest will end on November 22nd, 2009.  So you have a little time to think about what you want to do.  To be fair only five submissions per person are permitted and only one of those will be allowed into the top five category.  The first prize winner of this contest will receive a hard copy version of the ITB inaugural edition signed by the ITB Staff.  Not much, but it is all we have right now.  There will only be three hard copies made of this first edition, so this will be a limited edition.

While you are at it, you can follow ITB events by following us on Twitter or subscribing to our feed.

So, here is a list of those rules again.  These may change a little if somebody points out something glaringly obvious, so check back and watch our Tweets.

  • All tips can only be 140 characters and must use the header “#ITBTIP: ” (so you only get 131 characters).
  • Links are allowed but they will only be taken in context of the DF/IR tip and not followed.
  • Contest ends at 00:00:00 CST on November 22nd, 2009; the winner will be announced on November 29th, 2009.
  • Five entries per person and only one can be in the top five.
  • All entries will be judged by ITB Staff.
  • Tips can be submitted via Twitter or the ITB Call Box.
  • All participants agree that their tips can be reused on the Into The Boxes website and in future Into The Boxes publications.  All copyrights, outside of these limited publishing rights for Into The Boxes, will remain with the author of the ITB Tip.

Go forth and do good things,

Don C. Weber


Contributing to Into The Boxes

Posted in Information on November 3, 2009 by cutaway

The staff of Into The Boxes have tried to make contributing to this resource as easy as possible.  You can find most of the information you need right here.  Just look to the right sidebar and you will find links to all of the following information.

  • Into The Boxes – Main page that will change very little but does contain useful information about the next release.
  • Blog Box – You are here. Enjoy and come back often.
  • Collaboration Box – Guidelines to help people understand how to collaborate and get articles published in this e-magazine.
  • Research Box – A list of topics to help authors who are looking for inspiration. We are accepting requests for articles and these requests will be posted here for us and others to consider as topics for future articles. Use the Call Box to get us your request or let us know you are working on a particular topic.
  • Mission Box – the mission statement which guides Into The Boxes.
  • Call Box – when you need to contact the staff of Into The Boxes use this web form.  This will notify the proper personnel and we will get to your request as quickly as possible.

Obviously, as we move forward we will have more pages with more information. Starting in the first week of January 2010, with the release of Into The Boxes’ first issue, we will have pages for current and previous issues of the e-magazine. For now, however, simple is better.

Do not forget to subscribe to the Into The Boxes feed so that you are up-to-date with new information about Into The Boxes.  You can also get information about the e-magazine on Twitter by following IntoTheBoxes.

Please let us know if something is missing or needs clarification.  The staff of Into The Boxes will get to your input as quickly as possible.

Go forth and do good things,

Don C. Weber

Welcome to “Into The Box”

Posted in Information on October 28, 2009 by keydet89

Don and I have discussed for some time starting a magazine or e-mag, of sorts, for the DF/IR communities.

I thought it would be a good idea to start off with a “why are we doing this” post, and to answer that question, I’ve included the mission statement that Don and I came up with here:

The mission of Into The Boxes – Digital Forensics and Incident Response Magazine is to provide a reliable resource regarding digital forensics and incident response topics, and issues facing the information security and computer forensic communities. The goal of Into The Boxes is to provide quarterly insight into technical and managerial issues in the community through content provided by professionals actively engaged in these activities. Open communications and sharing are critical components to education and advancement, and the contributors associated with Into The Boxes hope to provide consistent and insightful resources that will lead to open discussions and advancements within the digital forensics and incident response communities.

So, this blog will act as an initial resource for communications until Into The Boxes hits the streets, and once that happens, will act as a supporting resource (notification of release, providing responses and table of content information between issues, etc.).

Now, this e-mag is NOT meant to replace anything; in fact, it’s an attempt to augment what’s already out there, by providing additional resources in an easy-to-read and easy-to-manage format.

That being said, the best way to turn this into a valuable resource is to get insight and input from the community…that means you. Feel free to comment here or email us to provide your thoughts, comments, questions, insights, and requests. One word about requests…being just two guys doing this all on our own, please consider this…any request that you have that requires resources (i.e., commercial tools or software, equipment, significant time, etc.)

Harlan Carvey