Recommended password policy

My opinion has always been that unnecessary mandatory password changes are bad. It forces people to choose a new (easy to remember) password. A few days ago The NIST has published the finalized version of…

A network switch with several ports.

Security through obscurity: Default ports

Recently someone asked me the question if he should use alternative ports when connecting his new NAS to the internet. My opinion is that changing default ports for things like FTP and SSH won't actually…

Should you pull the plug?

When you are collecting evidence a live system is always interesting. There is some debate on how to handle live systems. And while there certainly are interesting products on the market like the HotPlug Field…

Encryption: BitLocker forensics

Encryption is a challenge in forensics and the use of encryption to protect computer data is growing. Without a decryption key, the data and the potential evidence can't be accessed. When you come across a system…

SMB1 should die

Part of the reason why the WanaCry outbreak got so big is that a lot of systems were not running the latest security patches. SMB1 is an old protocol designed in the early 1990's. If the…