We updated the ForensiX Linux Incident Response Script. You can find the new version at
new linux incident response script
18 October 2008 | 12:53 | Forensics, Tools | 1 Comment | 458 Views
frozen memory acquisition
22 February 2008 | 16:33 | Forensics, Live Response, Security | No Comments | 968 Views
Cool stuff from Princeton researchers. They published a paper “Cold Boot Attacks on Encryption Keys” and showed that whole disk encryption can be defeated by relatively simple methods. They demonstrated their methods by using them to defeat three disk encryption products: BitLocker,
New Forensics Live Response CD published
21 June 2007 | 14:49 | Forensics, Live Response, Tools | 1 Comment | 1,748 Views
I’m proud to announce that my team published yesterday a very cool Live Response CD for Linux and Windows in cooperation with the German journal iX. It contains a brand new Linux Live Response script and a build script for your own static binaries. This Live Response Script also contains an
Booting EnCase Images
2 May 2007 | 19:48 | Forensics, Live Response, Tools | No Comments | 2,090 Views
GetData now bundles their forensics tool MountImage Pro v2 with Virtual Forensic Computing (VFC) from MD5 Ltd. You can now mount a forensic image
Malware Analysis with PEiD
11 November 2006 | 15:41 | Forensics, Live Response | 1 Comment | 2,330 Views
I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.
FSP/FRU File Copy Client released
3 October 2006 | 14:02 | Forensics, Live Response, Tools | No Comments | 1,277 Views
Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system, over to the FSP server.
Live View released
29 August 2006 | 13:48 | Forensics, Live Response, Tools | 2 Comments | 1,947 Views
Brian Kaplan from Carnegie Mellon University just released a tool called Live View. With Live View you can convert a raw dd image or physical device to a VMware virtual machine.
Forensic memory dumping issues
6 June 2006 | 11:44 | Forensics, Live Response | No Comments | 2,139 Views
Arne Vidstrom from ntsecurity.nu wrote an interesting paper about problems with forensic RAM dumps from Windows XP. His summary on this topic
