Jake Williams · Dec 12, 2013 · 9:04 PM UTC

Jake Williams @MalwareJake

12 Dec 2013

In #SANS FOR508 with @robtlee a quick class survey indicates that students spend avg 2 weeks per drive on forensics investigations.

Hal Pomeranz · Dec 12, 2013 · 9:05 PM UTC

Hal Pomeranz · Dec 12, 2013 · 9:05 PM UTC

Hal Pomeranz @hal_pomeranz

12 Dec 2013

@MalwareJake @robtlee Sounds about right. I wonder if they're including the time it takes to write the report.

Dec 12, 2013 · 9:05 PM UTC

Jake Williams · Dec 12, 2013 · 9:38 PM UTC

Jake Williams @MalwareJake

12 Dec 2013

@hal_pomeranz @robtlee The question was from phrased 'from acquisition to report' - many commented that it could be much, much longer

Hal Pomeranz · Dec 12, 2013 · 11:50 PM UTC

Hal Pomeranz @hal_pomeranz

12 Dec 2013

@MalwareJake Yeah, I've done "deep dives" on critical systems that have taken months.