Friday, August 26, 2022

Demo for FreeEed

Recently, I taught a class about Search and Elastic. As part of this class, I gave the students a lab showcasing FreeEed as an example of a real-world application. Here is the lab, which you might find helpful as well.


Tuesday, June 28, 2022

I am excited by GitHub Copilot

 Advertised as "Your AI Pair Programmer," GitHub Copilot indeed works very well, and I am impressed. The promise is that "you write the comments, and it writes the implementation code." I did not read this documentation but just started writing code. It worked like magic.

I got a value from a hash table. It offered to check that the value existed and was not empty. The suggestion is shown in the pale font.

I then hit Tab to accept. The suggestion was bolded.

I saved a few seconds. I also saved some brain CPU cycles. I had a comfortable feeling that the code was in good style. I wasted half an hour sharing my excitement with the world.

There is more! It writes my comments. And often, it gets it right. If not, then often enough, I can still accept and change a word or two.

Thumbs up, GitHub.

Thursday, March 4, 2021

Security News Roundup - March 4

An alternate take on why the Solarwinds hack happened (Note: I read and enjoyed the article by Matt Stoller that is linked in the piece):

Top 10 Web Hacking Techniques of 2020 (Must read for anyone in the web application security field):

Interesting development in cyber insurance field, led by Google:

Short post on bots plaguing the online limited-edition sneaker industry:

Ransomware threat landscape in 2020 and 2021:

Post from Troy Hunt about a password breach (while it is about a political site, it contains the usual details and in-depth analysis that characterize his posts):

Exchange zero-days patched by Microsoft:

Friday, August 14, 2020

How to do Early Case Assessment with FreeEed

Sometimes, you have a lot of data to process for eDiscovery. So, you go to your favorite eDiscovery provider and ask them to process your data and then host it for your review. But there's the rub: processing costs X dollars per gigabyte, and usually, you don't want to host all the data.

Here is how you can solve this problem with FreeEed and save oodles of money in the process. First, I will explain the harder way, using the review. Then I will show how to go straight to the results, once you trust the results more.

Way 1 - with the review

Download and start FreeEed

Select your project and add files to it

Stage, Process, and Go to Review

In the review, find all responsive documents.

Now, simply click on "Export as Natives"

Here, you have what you wanted! You now know what documents you will deal with. Read them, analyze them.

Put them into your favorite review platform, like Relativity. From there, you will be able to do production and share the documents with others who need them. And by the way, we can set you up and help with Relativity as well. 

Way 2 - go straight to the results

Start as above, by downloading FreeEed. But, instead of going all the way through the review, simply use culling.

Enter your search string (I entered 'matt' but it accepts complete Lucene syntax, with metadata names and ranges), and click on process. When done, send the production results. Or, be more formal and go to Relativity, as above.
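To make the culling step concrete, here is a small evaluator for the part of Lucene query syntax mentioned above: bare terms, metadata fields (`field:value`), inclusive ranges (`field:[lo TO hi]`) and a leading `-` to exclude. This is an added example, not FreeEed's own code (FreeEed hands the query to Elasticsearch, which does the real parsing). The documents and their metadata fields (`from`, `date`, `size`) are constructed for the demo, and clauses are combined with an implicit AND because culling is about narrowing a set; Lucene's own default operator may differ.

```python
import re

# Constructed sample corpus: a few "processed" documents with extracted text
# and metadata fields. Not real FreeEed output.
DOCS = [
    {"id": 1, "text": "Matt sent the revised contract on Monday",
     "from": "matt@example.com", "date": "2020-03-02", "size": 1200},
    {"id": 2, "text": "Quarterly numbers attached",
     "from": "anna@example.com", "date": "2020-04-15", "size": 50000},
    {"id": 3, "text": "Reminder: matt needs the signed NDA",
     "from": "legal@example.com", "date": "2020-05-01", "size": 800},
    {"id": 4, "text": "Lunch menu for Friday",
     "from": "cafe@example.com", "date": "2019-12-20", "size": 300},
]

# One clause per match: optional "-" for exclusion, then either a range on a
# field, an exact field match, or a bare term searched in the document text.
CLAUSE_RE = re.compile(
    r"(?P<neg>-)?(?:"
    r"(?P<rf>\w+):\[(?P<lo>[^\s\]]+)\s+TO\s+(?P<hi>[^\s\]]+)\]"
    r"|(?P<f>\w+):(?P<v>\S+)"
    r"|(?P<t>\S+)"
    r")"
)


def parse_query(query):
    """Turn a query string into (negated, kind, field, value) tuples."""
    clauses = []
    for m in CLAUSE_RE.finditer(query):
        neg = m.group("neg") is not None
        if m.group("rf"):
            clauses.append((neg, "range", m.group("rf"), (m.group("lo"), m.group("hi"))))
        elif m.group("f"):
            clauses.append((neg, "field", m.group("f"), m.group("v")))
        else:
            clauses.append((neg, "text", "text", m.group("t")))
    return clauses


def _coerce(bound, actual):
    """Compare numerically when both sides are numbers, else as strings
    (string comparison is enough for ISO dates like 2020-03-02)."""
    try:
        return float(bound), float(actual)
    except (TypeError, ValueError):
        return str(bound), str(actual)


def matches(doc, clauses):
    """True when every clause holds (negated clauses must not hold)."""
    words = re.findall(r"\w+", doc.get("text", "").lower())
    for neg, kind, field, value in clauses:
        if kind == "text":
            hit = value.lower() in words
        elif kind == "field":
            hit = str(doc.get(field, "")).lower() == value.lower()
        else:
            lo, hi = value
            actual = doc.get(field)
            if actual is None:
                hit = False
            else:
                lo_c, a1 = _coerce(lo, actual)
                hi_c, a2 = _coerce(hi, actual)
                hit = lo_c <= a1 and a2 <= hi_c
        if hit == neg:  # a positive clause missed, or a negated clause hit
            return False
    return True


def cull(docs, query):
    """Return the ids of the documents that survive the culling query."""
    clauses = parse_query(query)
    return [d["id"] for d in docs if matches(d, clauses)]


if __name__ == "__main__":
    for q in ["matt", "matt date:[2020-04-01 TO 2020-12-31]",
              "size:[1000 TO 100000]", "matt -from:legal@example.com"]:
        print(f"{q!r:45} -> {cull(DOCS, q)}")
```

The first query is the one from the post ('matt'); the others show how a date range, a numeric size range and an exclusion narrow the set further before anything is sent on to review or to Relativity.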


Monday, June 18, 2018

Security Analytics At the Speed of Thought With ML and Elastic

Abstract: This talk is a continuation of the discussion started in February. We will overview how machine learning in Elastic X-Pack can be used to analyze data from a data lake and help the SOC (Security Operations Center) and Threat Hunting teams find malicious actors in their environment. We will demonstrate how easy it is to pivot through the data and start to expand the information we have around the compromise.

Geoff presented a demo similar to this one.

May 23, 2018, was a great day! Thank you, all.

Wednesday, May 16, 2018

Searching Blockchain with FreeEed

The Blockchain is composed of multiple blocks that can contain any information. However, it is not a database in the traditional sense: it is not fast, and it does not answer queries.

For example, the write rate is one block every 10 minutes for Bitcoin and about one block every seven seconds for Ethereum. Queries, as such, do not exist at all: neither a SQL nor a NoSQL-type query language is provided.

Meanwhile, the information stored in Blockchain often needs to be searched. Here is the design pattern from CSIRO.

As of today, such a tool exists. FreeEed has been used by lawyers to do eDiscovery and legal review and by researchers for all kinds of investigations. It accepts any sort of data as input (see here) and indexes that data for search. The data can be loose Office files, PST mailboxes, a "load file" produced to lawyers in response to an eDiscovery request, or the Blockchain.

We are actively working on FreeEed all the time, adding input formats, processing capabilities, and machine learning. The tool is open source and welcomes new additions. The review part is called "FreeEed Review" and works through the browser.

The back end used to implement text search is Elasticsearch. This means that you can also look at the processed data through the mighty ELK stack (Elasticsearch, Logstash, Kibana), which is also open source.

Happy searching!