There's an upcoming Stanford security seminar on how bulk data from captured drives and network traffic are analyzed. Thought it might be of some interest to this list.
--------------------

Lessons Learned Writing High-Performance Multi-Threaded Digital Forensic Tools for Analyzing Hard Drives and Network Intercepts

Simson Garfinkel
http://simson.net/

Monday, June 17, 2013
Talk at 4:15pm
Gates Building 463A
Stanford University

Abstract:

Writing digital forensics (DF) tools is difficult because of the diversity of data types that need to be processed, the need for high performance, the skill set of most users, and the requirement that the software run without crashing. Developing this software is dramatically easier when one possesses a few thousand disks of other people's data for testing purposes. This talk presents the internal design of two high-performance computer forensics tools --- bulk_extractor and tcpflow --- discussing the algorithmic and C++ coding techniques that were employed. Come see how we peg at 64 cores on our test machine!

(Loosely based on Garfinkel's 2012 DFRWS paper, http://simson.net/clips/academic/2012.DFRWS.DIIN382.pdf)