Shortly after the COVID pandemic had essentially shut down any kind of movement across the planet, I started to think about how we could keep getting the message of Digital Forensics and Incident Response out to the masses. My intention was not to reinvent the wheel. Of course, there is a great deal of information already being produced and distributed. It seems that every vendor with a product to sell has moved into free webinars, lunchtime presentations, and various other delivery modalities to get their message out. I felt that the last thing we needed was another 45 minutes to 1-hour lecture on any given topic.
A concern, or dare I say, issue that I have with so many of these one-hour deliveries is that the title and or description of the presentation sometimes does not conflate with the deliverable. This is not to say that the presentation is bad, however there is a difference between what the presenter intended to present and what I expected to receive. Unfortunately, I have lost the better part of an hour waiting for what I wanted as opposed to what was being delivered.
Did I mention earlier that the space is completely flooded with these types of deliveries at the moment? I wanted to break the mold. I wanted to provide something to the community in small, bite -sized chunks. In this manner, even if it was something you wouldn’t have otherwise listened to, it was a small enough amount of time that even if it was completely unrelated or completely unnecessary, you would not have lost much of your valuable time. My SANS 3MinMax was born!
The SANS 3MinMax series is designed around short, three-minute presentations on a variety of topics from within Digital Forensics, Incident Response, and to a lesser degree, Information Security. For example, the first week we aired, we used a few of my SANS 3MinMax episodes to walk through something called the Order of Volatility that needs to be considered when seizing a computer that is found to be powered on.
Please check out past episodes here
Some of these talks will be one offs to cover a specific topic, and some of them will cover a topic that cannot be conveyed in three minutes, and so will be delivered in a series of three minutes presentations. Using this delivery method, anyone from a wide variety of computer backgrounds and workspaces could tune in at any time and listen to this content without having to worry about how much of an investment of time there is. What is the worst that is going to happen? You will have lost three minutes. Max. Who knows? This may revive or instill in you a new curiosity into an area you may not have otherwise explored. I am very accessible for questions or follow-ups on any of the presentations. As well, I would invite subject matter. If there is a topic you would like covered or a question you have that you would like covered in a presentation, by all means, reach out to me and I may just cover it in an upcoming episode.
Everybody has a spare three minutes, even if it’s just while you are getting situated to start your workday or winding down at the end of your workday. And I won’t feel bad if you use your toilet time for it, either! I hope you will join me on my next SANS 3MinMax episode.
If you would like to suggest a topic for the next 3MinMax episodes, please email 3minmax@sans.org or reach out to Kevin via twitter at @kevinripa
About the Author:
An investigator at heart, Kevin Ripa bought his first computer as a tool for writing reports for his private investigation agency. As he worked through typical user issues, the "why" of what was going wrong in his machine kept him up at night. So Kevin turned his investigative skills toward his computer and quickly became fascinated by the world inside of it. Now a 25-year veteran of the digital investigations field, Kevin's enthusiasm has not waned: "IT security and digital forensics still inspire me every day, and I can't wait to wake up in the morning and get to work!"
Kevin is a SANS Certified instructor and the co-author of the SANS course FOR498: Battlefield Forensics and Data Acquisition. For more information about the course, visit: http://www.sans.org/FOR498