Archive for the 'Live Response' Category


Frozen memory acquisition

« 22 February 2008 | 16:33 | Forensics, Live Response, Security | No Comments | 759 Views »

Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole-disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker, 



More on Windows Local Kernel-mode Backdoor Techniques

« 10 November 2007 | 13:44 | Forensics, Live Response, Security | 1 Comment | 798 Views »

On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel. 



New Forensics Live Response CD published

« 21 June 2007 | 14:49 | Forensics, Live Response, Tools | No Comments | 1,429 Views »

I’m proud to announce that my team published yesterday a very cool Live Response CD for Linux and Windows in cooperation with the German journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response script also contains an



Booting EnCase Images

« 2 May 2007 | 19:48 | Forensics, Live Response, Tools | No Comments | 1,705 Views »

GetData now bundles their forensics tool MountImage Pro v2 with Virtual Forensic Computing (VFC) from MD5 Ltd. You can now mount a forensic image



Malware Analysis with PEiD

« 11 November 2006 | 15:41 | Forensics, Live Response | 1 Comment | 1,983 Views »

I’d like to comment on PEiD. If you have to analyse an unknown binary and you’d like to know some details about packers, compilers and crypto features, you should give PEiD a try.



New Helix version released

« 12 October 2006 | 15:09 | Forensics, Live Response, Tools | 1 Comment | 1,846 Views »

There is a new Helix (Incident Response &amp; Computer Forensics Live CD based on Knoppix) version released. Version 1.8 now includes Andreas Schuster’s PTFinder and will no longer change JFS information. You can download Helix here.
All new features at a glance:



FSP/FRU File Copy Client released

« 3 October 2006 | 14:02 | Forensics, Live Response, Tools | No Comments | 1,181 Views »

Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system, over to the FSP server.



Live View released

« 29 August 2006 | 13:48 | Forensics, Live Response, Tools | 2 Comments | 1,744 Views »

Brian Kaplan from Carnegie Mellon University just released a tool called Live View. With Live View you can convert a raw dd image or physical device to a VMware virtual machine.


