Archive for November, 2007
WTF is Microsoft doing with the Last Access Timestamp on Vista?
20 November 2007 | 8:52 | Forensics, Stories | 2 Comments | 1,512 Views
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now "1", which means no last access timestamp will be written at all. On Windows XP and Windows 2000
WabiSabiLabi founder jailed
12 November 2007 | 19:08 | Security, Stories | No Comments | 921 Views
The WabiSabiLabi founder was jailed, not for putting a bidding system for exploits online, but rather on spying charges. Italian news media reported that Roberto Preatoni was arrested on Nov. 5 and charged with unauthorized access to computer systems and wiretapping.
More on Windows Local Kernel-mode Backdoor Techniques
10 November 2007 | 13:44 | Forensics, Live Response, Security | 1 Comment | 970 Views
On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel.
