SANS recently published a good summary of Windows memory forensics acquisition and analysis tools. It’s a good compilation
Windows Memory Forensics Tools
«
23 December 2008 |
21:32 |
Forensics, Resources, Tools |
2 Comments | 575 Views
»
new linux incident response script
«
18 October 2008 |
12:53 |
Forensics, Tools |
1 Comment | 466 Views
»
We updated the ForensiX Linux Incident Response Script. You can find the new version at
We updated the ForensiX Linux Incident Response Script. You can find the new version at
New Forensics Live Response CD published
«
21 June 2007 |
14:49 |
Forensics, Live Response, Tools |
1 Comment | 1,751 Views
»
I’m proud to announce, that my team published yesterday a very cool Live Response CD for Linux and Windows in cooperation with the german journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response Script contains also an
I’m proud to announce, that my team published yesterday a very cool Live Response CD for Linux and Windows in cooperation with the german journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response Script contains also an
Sector Inspector (SecInspect.exe)
«
9 April 2007 |
13:52 |
Forensics, Tools |
No Comments | 1,763 Views
»
Microsoft published a tool called Sector Inspector (SecInspect.exe) with the Windows 2003 Server Resource Kit. This is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 GUID partition tables. Additional features
Microsoft published a tool called Sector Inspector (SecInspect.exe) with the Windows 2003 Server Resource Kit. This is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 GUID partition tables. Additional features
The Sleuthkit 2.08
«
6 April 2007 |
13:34 |
Forensics, Tools |
No Comments | 1,571 Views
»
The Sleuthkit (TSK) 2.08 is out now. The new version contains
The Sleuthkit (TSK) 2.08 is out now. The new version contains
The Sleuthkit 2.07
«
16 December 2006 |
20:08 |
Forensics, Tools |
No Comments | 1,460 Views
»
Brian Carrierr released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status.There were a lot of [...]
Brian Carrierr released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status.There were a lot of [...]
Malware Analysis with PEiD
«
11 November 2006 |
15:41 |
Forensics, Live Response |
1 Comment | 2,339 Views
»
I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.
I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.
New Helix version released
«
12 October 2006 |
15:09 |
Forensics, Live Response, Tools |
1 Comment | 2,070 Views
»
There is a new Helix (Incident Response & Computer Forensics Live CD based on Knoppix) version released. Version 1.8 has a now Andreas Schuster’s PTFinder included an will no longer change JFS information. You can donwload Helix here. All new features at a glance:
There is a new Helix (Incident Response & Computer Forensics Live CD based on Knoppix) version released. Version 1.8 has a now Andreas Schuster’s PTFinder included an will no longer change JFS information. You can donwload Helix here. All new features at a glance:
