
Windows Memory Forensics Tools [update]

« 23 December 2008 | 21:32 | Forensics, Resources, Tools | 4 Comments | 876 Views »

SANS recently published a good summary of Windows memory forensics acquisition and analysis tools. It’s a good compilation



new linux incident response script

« 18 October 2008 | 12:53 | Forensics, Tools | 1 Comment | 601 Views »

We updated the ForensiX Linux Incident Response Script. You can find the new version at



New Forensics Live Response CD published

« 21 June 2007 | 14:49 | Forensics, Live Response, Tools | 1 Comment | 1,841 Views »

I’m proud to announce that my team published yesterday a very cool Live Response CD for Linux and Windows in cooperation with the German journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response Script also contains an



Sector Inspector (SecInspect.exe)

« 9 April 2007 | 13:52 | Forensics, Tools | No Comments | 1,802 Views »

Microsoft published a tool called Sector Inspector (SecInspect.exe) with the Windows 2003 Server Resource Kit. This is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 GUID partition tables. Additional features



The Sleuthkit 2.08

« 6 April 2007 | 13:34 | Forensics, Tools | No Comments | 1,581 Views »

The Sleuthkit (TSK) 2.08 is out now. The new version contains



The Sleuthkit 2.07

« 16 December 2006 | 20:08 | Forensics, Tools | No Comments | 1,476 Views »

Brian Carrier released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status. There were a lot of [...]



Malware Analysis with PEiD

« 11 November 2006 | 15:41 | Forensics, Live Response | 2 Comments | 2,561 Views »

I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.



New Helix version released

« 12 October 2006 | 15:09 | Forensics, Live Response, Tools | 1 Comment | 2,087 Views »

There is a new Helix (Incident Response & Computer Forensics Live CD based on Knoppix) version released. Version 1.8 now has Andreas Schuster’s PTFinder included and will no longer change JFS information. You can download Helix here. All new features at a glance:



FSP/FRU File Copy Client released

« 3 October 2006 | 14:02 | Forensics, Live Response, Tools | No Comments | 1,293 Views »

Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system, over to the FSP server.



Live Evidence Preview with Shadow 2

« 29 September 2006 | 18:10 | Forensics, Tools | No Comments | 1,841 Views »

For the German journal iX we recently tested the Shadow 2 box from VOOM Technologies


