Jake Williams · Dec 12, 2013 · 9:04 PM UTC

Jake Williams @MalwareJake

12 Dec 2013

In #SANS FOR508 with @robtlee a quick class survey indicates that students spend avg 2 weeks per drive on forensics investigations.

Hal Pomeranz · Dec 12, 2013 · 9:05 PM UTC

Hal Pomeranz @hal_pomeranz

12 Dec 2013

@MalwareJake @robtlee Sounds about right. I wonder if they're including the time it takes to write the report.

Jake Williams · Dec 12, 2013 · 9:38 PM UTC

Jake Williams @MalwareJake

12 Dec 2013

@hal_pomeranz @robtlee The question was from phrased 'from acquisition to report' - many commented that it could be much, much longer

Hal Pomeranz · Dec 12, 2013 · 11:50 PM UTC

Hal Pomeranz @hal_pomeranz

12 Dec 2013

@MalwareJake Yeah, I've done "deep dives" on critical systems that have taken months.

Robert Austin · Dec 13, 2013 · 12:26 AM UTC

Robert Austin @W3nd1g04n6

13 Dec 2013

@hal_pomeranz @MalwareJake I've had the report alone take much longer than that 2 weeks, but that's more the exception than the norm.

Jake Williams · Dec 13, 2013 · 12:40 AM UTC

Jake Williams @MalwareJake

13 Dec 2013

@W3nd1g04n6 @hal_pomeranz Eek. I'd hate for reporting to take that long. I'd fear the result would be a job search...

Robert Austin · Dec 13, 2013 · 12:42 AM UTC

Robert Austin @W3nd1g04n6

13 Dec 2013

@MalwareJake @hal_pomeranz Or even more lawyers being involved.

Hal Pomeranz · Dec 13, 2013 · 1:17 AM UTC

Hal Pomeranz · Dec 13, 2013 · 1:17 AM UTC

Hal Pomeranz @hal_pomeranz

13 Dec 2013

Replying to @W3nd1g04n6

@W3nd1g04n6 @MalwareJake I've written some epic forensic reports in my time that have taken a couple of weeks. It's hell.

Dec 13, 2013 · 1:17 AM UTC