A couple of months ago, Guidance Software announced a short-term research program through Bugcrowd. Bugcrowd runs "bug bounty" programs for software companies through which security researchers can report security vulnerabilities and get paid for their work. In this case, Guidance was seeking reports of forensic artifacts instead of vulnerabilities. I have submitted reports of security vulnerabilities in the past, but I had never participated in a bug bounty (they didn't ex

A number of organizations still rely on their IT staff to examine computers for misuse but don't provide their staff with any specialized tools and/or training. This is a recipe for disaster. Disclaimer: I'm not exactly a neutral party in this discussion because I have a financial interest in getting organizations to hire me to perform their examinations. That said, I'm actually supportive of organizations keeping a forensics function in house as long as they do it the righ