
Wietse Venema is known for his software such as the TCP Wrapper and the Postfix open source mail system. He co-authored the SATAN network scanner and the Coroner's Toolkit (TCT) for forensic analysis, as well as a book on Forensic Discovery.
Wietse received awards from the System Administrator's Guild (SAGE), the Netherlands UNIX User Group, Sendmail, and IBM (outstanding technical achievement). He served a two-year term as chair of the international Forum of Incident Response and Security Teams (FIRST). Wietse is currently a research staff member at the IBM T. J. Watson Research Center. After completing his Ph.D. in physics, he changed careers to computer science and never looked back.
Webpage: http://www.porcupine.org/wietse/
Forensic discovery of hosts and networks
Abstract: Wietse will present lessons learned about the persistence of information in file systems and in main memory of modern computers - not only how long information persists, but also why this happens, and what the limitations of that information are. Many examples are from UNIX/Linux systems, but some examples cover Windows as well (and illustrate that Windows and *NIX aren't fundamentally different).
Related material:
Book: Dan Farmer, Wietse Venema, "Forensic Discovery", Addison-Wesley, 2004.
Software: Brian Carrier, "Sleuthkit". http://www.sleuthkit.org/
Research: DFRWS website at http://www.dfrws.org/



