ArcPoint Newsletter, February 2022

DF Industry Happenings

Summits and conferences and networking, oh my! This month, we kicked off by attending a Women in Defense (WID) networking event! At the event, we met with women and men who have served our country and learned about WID initiatives and goals for 2022. WID strengthens the Defense Industrial Base and workforce by promoting programming that creates and enhances opportunities for women, increasing diversity within the defense community. WID’s mission focuses on empowering women currently working in defense and encouraging talented young women to pursue careers in National Security. ArcPoint is a proud member of the WID Tampa Bay Chapter! Are you interested in joining? Register here.

The Third Annual Tampa Cyber Security Summit returned in person. It connected C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and security experts. ArcPoint’s team learned about new trends in ransomware and how to stay resilient as these threats continue to grow. They also attended discussions around Artificial Intelligence and Machine Learning. If you missed the summit, you can register here for on-demand sessions.

It is officially conference season! ArcPoint is hitting conference season hard this year! We begin the season at Myrtle Beach for the Techno Security & Digital Forensics Conference from May 9, 2022 to May 12, 2022. We are a gold-level sponsor and will be hosting a booth as well as an Exhibit Hall Happy Hour on Tuesday, May 10, at 2:30 PM. If you are interested in going to the conference, please contact us, and we can provide you with a discounted rate!

ArcPoint Company and Product News

ArcPoint hosted its first quarterly happy hour mixer in Centro Ybor this month! Our mixer featured Florida Cane Distillery! Florida Cane was founded in 2012 by two hockey buddies in an 800 sq ft warehouse. The Florida Cane Distillery was created with the vision of using local, all-natural, fresh ingredients to make unique world-class spirits. Our guests enjoyed tastings and signature cocktails while meeting one-on-one with the ArcPoint Forensics team for hands-on demos of ATRIO and networking! We are excited to continue our mixers quarterly to enjoy the local tastes and flavors of distilleries and breweries in the area. Be sure to sign up for our next event in April online! Simply subscribe to our newsletter and in the comment section state “local”. We will add you to our list!

ArcPoint is proud to announce its partnership with Parabellum Risk Consulting! Parabellum Risk Consulting was established to serve small and medium businesses (SMB) in a cybersecurity consulting role. Large enterprises often struggle with the ever-changing cyber threat landscape. SMBs have the same challenges, along with deep concerns about budget, resources, and time.

In previous roles, Parabellum’s founders often saw SMB clients priced out of the "elite" consulting providers where the need for solutions was vital. They were as frustrated with this situation as their clients were. Their services cater to the SMB world with practical, real-world, and affordable solutions to strengthen your cyber maturity level and prepare for any incidents and events.

ArcPoint Presents: Unallocated Space

This month we hosted Heather Mahalik on our Podcast. We discussed the "Roadmap for Digital Forensic Research." Heather Mahalik is the Senior Director of Digital Intelligence at Cellebrite. She advises on strategic digital intelligence operations and educates DFIR professionals on the latest challenges in the space and how Cellebrite helps address them. For more than 19 years, Heather has worked on high-stress and high-profile cases, investigating everything from child exploitation to Osama Bin Laden's digital media. She has helped law enforcement, eDiscovery firms, and the federal government extract and manually decode artifacts used in solving investigations worldwide. Heather is the co-author of Practical Mobile Forensics, currently a bestseller from Packt Publishing, and serves as the DFIR Curriculum Lead, Faculty Fellow Instructor, and author for FOR585: Smartphone Forensic Analysis In-Depth at the SANS Institute. Heather is an advocate for the digital forensics and incident response community. She gives back by researching new mobile updates, validating new tools, teaching new analysis techniques, and providing additional resources in her blog. Check it out on our YouTube Channel and Podcast Platforms, hosted on Spotify and Google Podcast.

Next month we host Brett Shavers! Brett Shavers is a digital forensics examiner whose experience spans serving as a consultant, expert witness, and special master in civil litigation cases and includes a law enforcement career investigating cybercrime. Brett has well over 1,000 hours of formal digital forensics training from forensic software companies and various U.S. federal agencies. He has provided private consultation to government agencies and law firms in sensitive legal matters ranging from internal employee matters to class action litigation. Brett has also taught digital forensics and investigative techniques to dozens of law enforcement agencies internationally and at graduate-level educational programs. He is an award-winning author of several respected digital forensics books such as Placing the Suspect Behind the Keyboard, Hiding Behind the Keyboard, and the X-Ways Forensics Practitioner’s Guide. Brett also manages the DFIR Training website as a free resource for the DFIR community.

Check out our Blog

Once a month ArcPoint releases a blog to help individuals within the community grow and expand their skillsets. Our content is intended to be used as a refresher for experienced examiners and help individuals just getting started to expand their skillsets to make investigations easier. Check out Checking for Mobile Spyware on our website.

Want a Demo? Just Ask!

ATRIO™ is an all-in-one digital forensics hardware/software solution that performs full physical imaging and data exploitation. It is designed to be intuitive and easy to use. Output is immediately accessible in a universally-compatible, non-proprietary format and can be viewed on any computer. There are no additional software programs, dongles, or other peripherals required to operate ATRIO™. Interested in getting a demo? Sign up on the ArcPoint website.

Monthly Tech Tip

Guymager is an open-source forensic image creator widely popular in the DFIR community. It is fast, easy to use, and best of all…it's a GUI! In this tech tip, we want to highlight a few customizations you can do that can save you some time during a large batch acquisition.

If you have a large batch of devices and want to save time by not having to input the same Case Number and Examiner information each time, just create a local configuration file for Guymager.

The first step is opening the default configuration file for Guymager located in “/etc/guymager/guymager.cfg”. Generally, this file should not be edited, so we will just open it and copy what we need from here.

Find the table shown above, highlight it, copy it, and close the file. We will then create a new “local.cfg” file within the same directory using Nano (or any other text editor you prefer).

$ sudo nano /etc/guymager/local.cfg

Within this new file, we will paste the table we copied from ‘guymager.cfg’ and remove everything except the fields we wish to change. So, in this case, we will set the Examiner to ‘Dan B. Goode’ and the Case number to ‘Case-2021-123456’. Save the file and exit.

Now we can open Guymager and see that the fields we entered in our local.cfg file are pre-populated every time we select a device to image.
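For a batch where the case details change between jobs, the same override can be written from a script instead of by hand. The following is an added example, not part of the original tip or the Guymager project: the function name write_local_cfg is hypothetical, and the table name, field names and ShowDefault entry mode are assumed to match the stock guymager.cfg, so compare them with your installed copy first.

```shell
#!/bin/sh
# Added example: write a Guymager local.cfg that pre-fills Examiner and
# Case Number. ASSUMPTION: DlgAcquireField, EwfCaseNumber, EwfExaminer and
# the ShowDefault entry mode match the table in your own guymager.cfg.

# write_local_cfg DIR EXAMINER CASE_NUMBER
# Example (needs root): write_local_cfg /etc/guymager 'Dan B. Goode' 'Case-2021-123456'
write_local_cfg() {
    dir=$1
    examiner=$2
    case_no=$3
    nl='
'
    # Values are stored inside single quotes in the config file, so an
    # embedded quote or newline would corrupt the table. Reject them.
    for v in "$examiner" "$case_no"; do
        case $v in
            ''|*"'"*|*"$nl"*)
                echo "invalid value: [$v]" >&2
                return 1 ;;
        esac
    done
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Only the fields being overridden are listed, as in the tip above;
    # guymager.cfg itself is left untouched.
    cat > "$dir/local.cfg" <<EOF
REM Local overrides for batch acquisition
TABLE DlgAcquireField NoName
   REM Field          Entry mode   Entry mode   Default
   REM name           image        clone        value
   EwfCaseNumber      ShowDefault  Hide         '$case_no'
   EwfExaminer        ShowDefault  Hide         '$examiner'
ENDTABLE
EOF
}
```

Keeping one generated local.cfg per case alongside the case notes also records exactly which examiner and case number were pre-filled for that batch.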

This local configuration file can be used to change numerous settings from image compression to languages. It will keep the settings and can be modified to meet your future case needs. Hopefully, this tip will save you some time on your next massive collection. Happy imaging!
