frozen memory acquisition
22 February 2008 | 16:33 | Forensics, Live Response, Security | No Comments | 816 Views
Cool stuff from Princeton researchers. They published a paper, “Cold Boot Attacks on Encryption Keys”, and showed that full-disk encryption can be defeated by relatively simple methods: the keys remain in DRAM for seconds to minutes after power is cut, so whoever can reboot the machine or move the memory modules can image RAM and recover them. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker,
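The core of the attack is locating a key in a memory image. As an added example (not code from the Princeton paper, its aeskeyfind tool, or this blog), the Python below scans a buffer for AES-128 key schedules the way a cold-boot analysis does: every 16-byte window is treated as a candidate key, its round-1 key is derived and compared with the next 16 bytes, and only survivors are checked against the full 176-byte schedule, tolerating a few mismatched bytes for DRAM decay. The dump, the seed, the offsets 1000 and 4096 and the two flipped bits are constructed test data; a real capture would be read from a file. Unlike aeskeyfind, this simple variant cannot recover a key whose own 16 bytes have decayed.

```python
# Added example, not from the paper or the blog. The dump is constructed in-process.
from __future__ import annotations

import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _build_sbox() -> list[int]:
    """Derive the AES S-box (GF(2^8) inverse + affine map) instead of typing the table."""
    sbox = [0] * 256
    p = q = 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3 in GF(2^8)
        q = (q ^ (q << 1)) & 0xFF                                 # q /= 3 in GF(2^8)
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)         # affine transform
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF                  # fold rotated bits back
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox


SBOX = _build_sbox()


def _next_round_key(prev: bytes, rcon: int) -> bytes:
    """One AES-128 key-expansion step: round key r -> round key r+1."""
    w = [prev[i:i + 4] for i in range(0, 16, 4)]
    t = bytes(SBOX[b] for b in w[3][1:] + w[3][:1])   # RotWord + SubWord
    t = bytes([t[0] ^ rcon]) + t[1:]                    # XOR Rcon into first byte
    out = []
    for i in range(4):
        t = bytes(a ^ b for a, b in zip(w[i], t))
        out.append(t)
    return b"".join(out)


def expand_key_128(key: bytes) -> bytes:
    """Full 176-byte AES-128 key schedule (round keys 0..10)."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    sched = [bytes(key)]
    for r in range(10):
        sched.append(_next_round_key(sched[-1], RCON[r]))
    return b"".join(sched)


def find_aes128_keys(dump: bytes, max_bad_bytes: int = 0) -> list[tuple[int, bytes, int]]:
    """Return (offset, key, mismatched_bytes) for each AES-128 schedule found in dump.

    Cheap filter: the 16 bytes after a candidate must look like its round-1 key
    (up to max_bad_bytes differ). Survivors are checked against all 10 round keys.
    """
    hits = []
    for off in range(len(dump) - 176 + 1):
        cand = dump[off:off + 16]
        r1 = _next_round_key(cand, RCON[0])
        if sum(a != b for a, b in zip(r1, dump[off + 16:off + 32])) > max_bad_bytes:
            continue
        sched = expand_key_128(cand)
        bad = sum(a != b for a, b in zip(sched[16:], dump[off + 16:off + 176]))
        if bad <= max_bad_bytes:
            hits.append((off, cand, bad))
    return hits


def demo(seed: int = 1) -> dict:
    """Constructed dump: random noise holding one intact and one slightly decayed schedule."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(16))
    dump = bytearray(rng.getrandbits(8) for _ in range(8192))
    sched = expand_key_128(key)
    dump[4096:4096 + 176] = sched                # intact copy (constructed offset)
    decayed = bytearray(sched)
    decayed[50] ^= 0x04                          # two flipped bits in later round keys,
    decayed[120] ^= 0x80                         # as cooled DRAM would show
    dump[1000:1000 + 176] = decayed
    strict = find_aes128_keys(bytes(dump), max_bad_bytes=0)
    tolerant = find_aes128_keys(bytes(dump), max_bad_bytes=2)
    return {
        "key": key,
        "strict_offsets": [off for off, _, _ in strict],
        "tolerant_offsets": [off for off, _, _ in tolerant],
        "tolerant_keys_ok": all(k == key for _, k, _ in tolerant),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

With `max_bad_bytes=0` only the intact copy at 4096 is reported; with a tolerance of 2 the decayed copy at 1000 is found as well, with the correct key. On a real image the schedule of an AES-256 key (240 bytes, 15 round keys) needs the analogous expansion, and the decay tolerance should be chosen from the measured error rate of the capture.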
New Forensics Live Response CD published
21 June 2007 | 14:49 | Forensics, Live Response, Tools | No Comments | 1,470 Views
I’m proud to announce that my team published a very cool Live Response CD for Linux and Windows yesterday, in cooperation with the German journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response script also contains an
Booting EnCase Images
2 May 2007 | 19:48 | Forensics, Live Response, Tools | No Comments | 1,747 Views
GetData now bundles their forensics tool MountImage Pro v2 with Virtual Forensic Computing (VFC) from MD5 Ltd. You can now mount a forensic image
Malware Analysis with PEiD
11 November 2006 | 15:41 | Forensics, Live Response | 1 Comment | 2,027 Views
I’d like to comment on PEiD. If you have to analyse an unknown binary and would like to know some details about the packer, compiler and crypto features it uses, you should give PEiD a try.
FSP/FRU File Copy Client released
3 October 2006 | 14:02 | Forensics, Live Response, Tools | No Comments | 1,207 Views
Harlan Carvey has just released the FSP/FRU File Copy Client on SourceForge. FCli is a GUI client the investigator can use to select files on the suspect system to be copied over to the FSP server.
Live View released
29 August 2006 | 13:48 | Forensics, Live Response, Tools | 2 Comments | 1,778 Views
Brian Kaplan from Carnegie Mellon University just released a tool called Live View. With Live View you can convert a raw dd image or physical device to a VMware virtual machine.
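What such a conversion boils down to is a VMware descriptor that references the raw image as a flat extent, plus a VM configuration that never writes to it. As an added example (not Live View’s code), the Python below generates both; the descriptor and .vmx keys follow the VMware formats as I know them, the 16/63 IDE geometry and the guest type are assumptions, and the file names are placeholders.

```python
# Added example, not Live View's code. VMDK/VMX layout as I know VMware's formats;
# HEADS/SECTORS_PER_TRACK and the guest OS string are assumptions.
from __future__ import annotations

import os

SECTOR = 512
HEADS, SECTORS_PER_TRACK = 16, 63   # geometry commonly used for VMware IDE disks (assumed)


def vmdk_descriptor(image_name: str, image_size: int) -> str:
    """Text of a monolithicFlat .vmdk whose single extent is the untouched raw image."""
    if image_size <= 0 or image_size % SECTOR:
        raise ValueError("image size must be a positive multiple of 512 bytes")
    sectors = image_size // SECTOR
    cylinders = sectors // (HEADS * SECTORS_PER_TRACK)
    return (
        "# Disk DescriptorFile\n"
        "version=1\n"
        "CID=fffffffe\n"
        "parentCID=ffffffff\n"
        'createType="monolithicFlat"\n'
        "\n"
        "# Extent description\n"
        f'RW {sectors} FLAT "{image_name}" 0\n'
        "\n"
        "# The Disk Data Base\n"
        "#DDB\n"
        'ddb.adapterType = "ide"\n'
        f'ddb.geometry.cylinders = "{cylinders}"\n'
        f'ddb.geometry.heads = "{HEADS}"\n'
        f'ddb.geometry.sectors = "{SECTORS_PER_TRACK}"\n'
        'ddb.virtualHWVersion = "4"\n'
    )


def vmx_config(vm_name: str, vmdk_name: str, guest_os: str = "winxppro") -> str:
    """Minimal .vmx; the disk is independent-nonpersistent, so guest writes go to a
    redo log and the evidence image itself is never modified."""
    return (
        '.encoding = "UTF-8"\n'
        'config.version = "8"\n'
        'virtualHW.version = "4"\n'
        f'displayName = "{vm_name}"\n'
        f'guestOS = "{guest_os}"\n'
        'memsize = "512"\n'
        'ide0:0.present = "TRUE"\n'
        f'ide0:0.fileName = "{vmdk_name}"\n'
        'ide0:0.mode = "independent-nonpersistent"\n'
    )


def write_vm(image_path: str, vm_name: str = "evidence") -> tuple[str, str]:
    """Write <image>.vmdk and <vm_name>.vmx next to the raw image; return both paths."""
    size = os.path.getsize(image_path)
    directory, image_name = os.path.split(image_path)
    vmdk_path = os.path.join(directory, image_name + ".vmdk")
    vmx_path = os.path.join(directory, vm_name + ".vmx")
    with open(vmdk_path, "w") as f:
        f.write(vmdk_descriptor(image_name, size))
    with open(vmx_path, "w") as f:
        f.write(vmx_config(vm_name, image_name + ".vmdk"))
    return vmdk_path, vmx_path


if __name__ == "__main__":
    import sys
    print(*write_vm(sys.argv[1]), sep="\n")
```

Keep the image read-only at the file-system level as well, and compare its hash before and after the session; the nonpersistent mode protects against guest writes, not against mistakes on the host. A Windows guest booted on virtual hardware different from the original machine may still need driver or HAL adjustments before it boots cleanly.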
Forensic memory dumping issues
6 June 2006 | 11:44 | Forensics, Live Response | No Comments | 2,056 Views
Arne Vidstrom from ntsecurity.nu wrote an interesting paper about problems with forensic RAM dumps from Windows XP. His summary on this topic
Windows memory analysis
6 April 2006 | 22:09 | Forensics, Live Response | No Comments | 2,511 Views
Andreas Schuster recently published two interesting articles on his blog about process memory reconstruction.
He describes how to
