Friday, February 14, 2014

Daily Blog #237: Saturday Reading 2/15/14

Hello Reader,
             I hope you are somewhere warm and dry. It's time to get your favorite comfy chair and a hot cup of your favorite caffeinated beverage and enjoy some links that make you think on this week's Saturday reading.

1. This week's forensic lunch stretched an hour and 15 minutes as we got into some good discussion with:
Rob Fuller, @mubix, talking about his new project, Project Mentor http://www.projectmentor.net/, where Rob is offering to help mentor you into developing the real technical skills in infosec and DFIR needed to get into the industry, among other noble aspirations.

David Dym, @dave873, talking about the latest version of Metadiver, which is available to download at http://www.easymetadata.com/wp/ and which can crawl a directory and pull out all the metadata it can find into xls, json, xml and other formats. He also makes ShadowKit.

Kevin Stokes talking about how to extend and expand our USB Multiboot Dongle. You can download the dongle image here: https://mega.co.nz/#!i45WhQya!SQILk0Td3e-g2j9YKUtuFjkbrrszJAgWthfhkGOKpqk

Zoltan Szabo, talking about his stance on Digital Forensics as a science. You can email him at zoltandfw@gmail.com if you want to give feedback on his opinions.

You can watch it here: http://www.youtube.com/watch?v=M3_kjCtgemA

2. Jason Hale has updated his Volume Shadow Copy toolset and has a neat way to compare differences between shadow copies. Read about it here: http://dfstream.blogspot.com.br/2014/02/vsc-toolset-update.html

3. Adam over on the Hexacorn blog has another entry in his 'Beyond good ol' Run key' series, http://www.hexacorn.com/blog/2014/02/09/beyond-good-ol-run-key-part-7/, with a further dive into Windows internals. This entry focuses on an XP mechanism that allows execution when another application crashes. Very, very cool stuff here.

4. Brian Baskin has a good post up this week on dynamic malware analysis, explaining how he approaches it: http://www.ghettoforensics.com/2014/02/malware-with-no-strings-attached.html

5. Brian Moran has posted an update to his live response tools with an updated version of PeStudio: http://brimorlabs.blogspot.com.br/2014/02/small-update-to-windows-live-response.html. If you want to know more about PeStudio, make sure to watch the Forensic Lunch in two weeks when the author will be on the show!

That's it for this week. Did I miss something good? Let me know; I'm always looking for more blogs, articles and sites to read!