Lance Mueller published a good article about bypassing a Windows login password with forensic tools. You can use his instructions if you plan to boot a Windows image within a virtual machine and would like to log in.
Archive for the 'Forensics' Category
Bypassing a Windows login password with forensic tools
24 February 2008 | 14:37 | Forensics, Security | No Comments | 1,191 Views
frozen memory acquisition
22 February 2008 | 16:33 | Forensics, Live Response, Security | No Comments | 968 Views
Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker,
Insider Threat Research
28 January 2008 | 18:25 | Forensics, Security | No Comments | 813 Views
CERT and the United States Secret Service published insider threat research that focuses on both technical and behavioral aspects of actual compromises. The key findings are: Current and former employees carried out insider activities in nearly equal numbers. Sixty-three percent of the insiders held technical positions within the targeted organizations.
Talk about Windows Vista Forensics
29 December 2007 | 11:52 | Events, Forensics, Speeches | 2 Comments | 1,005 Views
I’m going to talk about Windows Vista Forensics at the DFN-CERT workshop. The workshop will be held on February 13 and 14, 2008 in Hamburg, Germany.
The Sleuthkit 2.10
13 December 2007 | 9:37 | Forensics, Tools | 1 Comment | 944 Views
A new version of The Sleuthkit (TSK) is out now. There are some minor bug fixes included. Changelog
WTF is Microsoft doing with the Last Access Timestamp on Vista?
20 November 2007 | 8:52 | Forensics, Stories | 2 Comments | 1,487 Views
I recently discovered that Microsoft destroyed a most valuable digital forensics evidence source on NTFS filesystems with Vista. The default registry key value for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate is now “1”, which means no last access timestamp will be written at all. On Windows XP and Windows 2000
More on Windows Local Kernel-mode Backdoor Techniques
10 November 2007 | 13:44 | Forensics, Live Response, Security | 1 Comment | 966 Views
On uninformed.org you can find a whitepaper which describes several ways to get your code covertly executed in the Windows kernel.
computer forensics beginners course
26 August 2007 | 20:00 | Events, Forensics | No Comments | 1,243 Views
I’m giving computer forensics classes for beginners in Munich, Frankfurt and of course Berlin.
