Darin Bartholomew

I had a brief stint in political communications, so whenever cyber merges with politics, it’s something I enjoy looking into. I think a big missed opportunity is the ability to use our wealth of technical resources in the private sector to strengthen our government cyber opportunities. I think a driving force behind this is the public mistrust of…[Read more]

I really liked this post. I think often times knowing the audience is something that gets overlooked, especially at the entry level. You might want to impress a board room with how smart you are with the data, but if it goes over everyone’s head, you do more harm than good for yourself and the company.

Andres, I like how you broke this question down into 3 definitions first. That’s a good approach to the question and it seems sort of in line with the approach of someone responding to an incident. Breaking down all the pieces of information before coming up with a full solution. I like it!

Ruslan, as always, great stuff. I liked your mention of social media. It’s something that I didn’t even think of. I would take it a step further and say that as investigators we need our own set of rules involving social media. Someone investigating a case can’t go home and post “I can’t believe what ______ did on their work computer!” and then…[Read more]

Fred, great post and best of luck in the presentation.

I like the “set a goal” step. I think sometimes we get lost in the incredibly high level “be secure” goal and we forget to make goals a little more tangible and measurable to rate performance.

Blake, I think this outlines a real challenge that companies will have, especially startups. How do you grow at a rapid rate to please business stakeholders but make sure that while increasing the scale of the company you remain secure and implement sound policies to prevent fraud? Like you said, Target has a lot of projects and a lot of resources…[Read more]

I think ethics plays a role in digital forensics because as investigators it’s our job to tell what we can prove to be the true story as it happened with a piece of computer technology. In some cases we might be the only ones who truly understand the evidence and the artifacts which puts us in a position of incredible influence. We can not allow…[Read more]

Great post Samantha. I think one of the most telling things about this was that 30% of businesses survey either aren’t in compliance or are unsure of the compliance with PCI standards. That’s incredibly scary.

This is great, Andres. One more example of how important it is to block ports that aren’t being used or aren’t necessary. It looks like the port in question is only used for administrative purposes and could probably be closed without any major impact on end user functionality.

Great post Jonathan. Generally the rule of thumb I’ve operated under is that if I don’t want to see it on the front page of Philly.com I shouldn’t hit send in the first place. I wonder if we will ever go back to physical paper communication for incredibly sensitive communication without an urgency of delivery time. We as professionals entering the…[Read more]

Roberto I thought this was a great article and a fun take on cyber security. I thought the most important one to remember is that it’s a people game. At the root of every cyber attack or vulnerability is a human element. A computer doesn’t decide to do evil things, a person tells it to act that way. A system is vulnerable because a person can find…[Read more]

Joseph great comment. I wonder if this is something that Temple is starting to do on select PCs. I’ve noticed that Windows 10 machines in Alter common areas always give me the “setting up this PC” prompt as soon as I log in.

If they’re giving a fresh image on every reboot what sort of challenges would a forensics expert face if they need to…[Read more]