Tuesday, November 15, 2011

Context, Context, Context

Check out the SpiderLabs blog, "Anterior" for the latest Sniper Forensics post.

1 comment:

  1. Chris, great post for the SpiderLabs blog. I too found myself unnecessarily targeting Chinese or Russian URLs, simply because it was China and Russia. What I found (I analyze network traffic, so I have limited access at the system level) completely supports what you said...put it in the right context. I ended up finding out that the hours spent on "juicy" investigations, turned out to be a Chinese employee visiting Chinese sights...is it unusual for a Chinese individual to visit Baidu or some shopping sight in China? Not necessarily. Good reminder to "let the evidence shape your theory".