The WitFoo Project was formed in late 2015 by a dozen volunteers who had become fed up with systemic failure in Information Security Operations. Since then we have spent more than 10,000 labor hours running experiments and building prototypes (see Origin of WitFoo...
Violent Crime to Cybercrime
In his post, Detective Ritch describes Evolution of Facts over the course of a shooting investigation. In this installment we’ll examine how we’ve adapted that paradigm into InfoSec investigations.
Importance of Evolution
Evolving data into...
I am fond of saying criminal investigations are like puzzles. In order to complete a puzzle all of the pieces must fit, and the image must match the picture on the box. A criminal investigation is the same; all of the pieces of evidence must fit and accurately...
Start with Connected Dots
Okay, back to reality now. Given the space and time in which our previously discussed drive-by shooting occurred, using deductive reasoning, and based on training and experience, a detective would surmise this was in fact a singular incident...
In the last installment, we explored how a shooting investigation would look using common InfoSec paradigms. Before we jump into how law enforcement would approach that same case, let’s examine how facts evolve from simply being data to being evidence that supports an...