Private homepage of Alexander Geschonneck (Berlin, Germany).
In collaboration with the german IT journal iX I’m going to give some computer forensics lessons in Frankfurt, Munich, Zurich and Vienna this year. 19. – 20.April 2007, Frankfurt/M. (Innside Premium Hotel) 24. – 25.April 2007, München (NH München/Dornach)
„Phishing sites are easy to locate once the bad boys start spamming out thousands of mails linking to their site. But how can such sites be found before that?“
Brian Carrierr released version 2.07 of his file system analysis tool The Sleuthkit: There are a lot of updates and bug fixes. The summarized list is below. The executive summary is that there are new flags for ils to find orphan files and new flags for dls to specify allocation status.There were a lot of Read More …
I’d like to comment on PEiD. If you have to analyse an unknown binary and you like to know some details about packers, compilers and crypto features, you should give PEiD a try.
There is a new Helix (Incident Response & Computer Forensics Live CD based on Knoppix) version released. Version 1.8 has a now Andreas Schuster’s PTFinder included an will no longer change JFS information. You can donwload Helix here. All new features at a glance:
Andreas Schuster wrote in his blog about the new event log format in Vista. He also has a good
There is an additional hands-on training course on computer forensics in Berlin available. More information here.
Harlan Carvey just released the FSP/FRU File Copy Client on SourceForge. The FCli is a GUI client that the investigator can use to select files to be copied from the suspect system, over to the FSP server.
The AusCERT computer crime and security site survey provides the most up to date and authoritative analysis of computer network attack and computer misuse trends in Australia over the last 12 months. The survey aims to raise awareness of the complex nature of computer security issues, identify areas of concern and, where appropriate, to motivate Read More …
For the German journal iX we tested recently the Shadow 2 box from VOOM Technologies