Category Archives: forensics

Computer Forensics practice

You’ve just finished receiving digital forensics training or acquired a new tool (FTK, EnCase, Sleuth). Now what? You’re waiting for some real cases to crack. In the meantime, over on the SANS Forensics blog, Ken Pryor has posted an excellent …


REMnux: Distro for Reversers

Lenny Zeltser, SANS Instructor, has released a customized distribution targeted at malware reverse engineers. From the REMnux page: REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As …


win32 memory capture & analysis cheat sheet

A high-level overview of how to perform a live memory capture and analysis:

1. Capture memory with MoonSols’ win32dd.
2. Parse the memory snapshot with Mandiant’s Memoryze.
3. Analyze the results in Audit Viewer, or analyze the snapshot with the Volatility Framework, which comes neatly packaged in the SANS SIFT Workstation.


(Tool) FireShark: Aid for web incident response

The tool of the day is FireShark, a free web analysis tool. This is great to have in your toolbox for IR. FireShark will generate a mind map of a given webpage; think of it as a graphical representation …


Forensics on Amazon’s Kindle

I recently stumbled upon two great blog posts regarding Kindle forensics. Eric Huber’s ‘A Fistful of Dongles’ blog has some interesting initial analysis on imaging the Kindle and the key artifacts to zero in on. Part 1: A Cursory Look at …


Analyzing Malicious PDF Documents

So you want to get your feet wet? Grab Didier Stevens’ tools here: http://blog.didierstevens.com/programs/pdf-tools/ Grab malicious PDF samples here: http://www.malwaredomainlist.com/mdl.php?search=pdf+exploit&colsearch=All&quantity=50 *Be careful, these are live samples! Video tutorial, Didier on analyzing a PDF document: http://www.youtube.com/v/tHVi2wKCkTc You’re going to run into …


GPS Forensics & Google Earth

I previously wrote about online GPS forensics references and wanted to put them to use. I had a suspicion that my girlfriend had been seeing another man. When she was at work I grabbed her GPS (Garmin Nuvi 205) and …


Windows Anti Forensics Tip of the Day…

I previously wrote about how to have your system automatically clear the pagefile before a reboot or shutdown. There are a couple of other steps I recommend you take on your system… Automatically and permanently delete (Nuke on Delete): normally Delete sends files …


GPS Forensics

There’s a new GPS forensics community starting up here: http://www.gpsforensics.org/ Some additional information can be found here: http://www.forensicswiki.org/wiki/GPS I’m going to examine my Garmin 200W this evening. It looks like a simple text editor will reveal raw trip data including …


Adobe Flash control panel

I previously wrote about Flash cookies, which many folks are not aware of. Well, I’ve just stumbled across a great article which describes how to manage your Flash cookies and other settings. The “control panel” is located on Adobe’s website: …
