Saturday, February 22, 2014

Daily Blog #244: Saturday Reading 2/22/14

Hello Reader,
              Hope you had a great week, but now the week is over. It's Saturday! It's time for more links to make you think in this weeks, Saturday Reading.

1. We had a Forensic Lunch with two people whose expertise is in fields I know much less about which always fascinates me. We had a fascinating Forensic Lunch today with:

Lenny Zeltser, @lennyzeltser , talking about his career in reverse engineering and the challenges of moving his analysis platform to Windows 8. Here are the links he discussed:

Books mentioned:
Malware Analyst's Cookbook: http://www.malwarecookbook.com
Practical Malware Analysis: http://practicalmalwareanalysis.com/
Jon Stewart, @codeslack, talking about his career and his work on Lightgrep.
You can grab a copy of the lightgrep engine source here:http://www.lightboxtechnologies.com/lightgrep-engine/
You can grab a copy of  v1.4 with lightgrep built in here: http://digitalcorpora.org/downloads/bulk_extractor/
You can buy a copy of lightgrep that works with Encase and other tools here:http://www.lightboxtechnologies.com/lightgrep/

 2. Hexacorn blog has part 8 in their autorun series up, http://www.hexacorn.com/blog/2014/02/21/beyond-good-ol-run-key-part-8-2/, this one covering how to get users to be your persistence mechanism through jumplists. Very cool.

3. Jason Hale has a new blog post up documenting addtional MRU's in office 2013, http://dfstream.blogspot.com/2014/02/office-2013-more-mrus.html, more MRUs is always a good thing!

4. Lenny Zeltser has a new blog post up on the SANS DFIR blog discussing Ollydbg v2, http://digital-forensics.sans.org/blog/2014/02/20/ollydbg-version-2-for-malware-analysis, and its current state of feature completeness.

5. Harlan has a new blog up discussing how to identify, http://windowsir.blogspot.com/2014/02/more-tracking-user-activity-via-registry.html, additional files being accessed in Office 2013 on a per user basis with timestamps and last position for each document.

Did I miss something? Did you post a blog I missed? Let me know in the comments or email me dcowen@g-cpartners.com and let me know!