In collaboration with the German IT journal iX I’m going to give some computer forensics lessons in Frankfurt, Munich, Zurich and Vienna this year. 19. – 20. April 2007, Frankfurt/M. (Innside Premium Hotel); 24. – 25. April 2007, Munich (NH München/Dornach)
Computer forensics workshops in Germany, Austria and Switzerland
17 January 2007 | 16:29 | Events, Forensics, Speeches
How to locate new phishing sites
4 January 2007 | 12:45 | Forensics, Security
“Phishing sites are easy to locate once the bad boys start spamming out thousands of mails linking to their site. But how can such sites be found before that?”
The Sleuthkit 2.07
16 December 2006 | 20:08 | Forensics, Tools
Brian Carrier released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status. There were a lot of [...]
Malware Analysis with PEiD
11 November 2006 | 15:41 | Forensics, Live Response
I’d like to comment on PEiD. If you have to analyse an unknown binary and you would like to know some details about packers, compilers and crypto features, you should give PEiD a try.
Buying Phishing Domain Names
29 October 2006 | 15:49 | Security, Stories
Mikko from F-Secure did some quick research on the domain name market. They ran some searches on Sedo.com and found that it is reselling domains like chasebank-online.com, citi-bank.com and bankofameriuca.com. According to Mikko and Sedo are more obviously fraudulent domains available,
New Helix version released
12 October 2006 | 15:09 | Forensics, Live Response, Tools
There is a new version of Helix (Incident Response & Computer Forensics Live CD based on Knoppix). Version 1.8 now has Andreas Schuster’s PTFinder included and will no longer change JFS information. You can download Helix here. All new features at a glance:
New eventlog format in Vista
10 October 2006 | 17:34 | Forensics
Andreas Schuster wrote in his blog about the new event log format in Vista. He also has a good
Additional hands-on training course on computer forensics in Berlin
8 October 2006 | 9:30 | Events, Forensics
There is an additional hands-on training course on computer forensics in Berlin available. More information here.
FSP/FRU File Copy Client released
3 October 2006 | 14:02 | Forensics, Live Response, Tools
Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system over to the FSP server.
Live Evidence Preview with Shadow 2
29 September 2006 | 18:10 | Forensics, Tools
For the German journal iX we recently tested the Shadow 2 box from VOOM Technologies
