It's Saturday! I'm excited to post my first Saturday Reading in almost two years!. While I get to work on seeing whats changed in the world of rss feeds and twitter tags since I last did this, here is this weeks Saturday Reading!
1. We had a great forensic lunch this week. We had Jared Atkinson talking all about how to do forensics on a live system or mounted image with his Powershell framework PowerForensics.
- You can grab your own copy of PowerForensics on Github here: https://github.com/Invoke-IR/PowerForensics
- Read his Blog here: www.invoke-ir.com
- Vote for him in the Forensic4Cast Awards here: https://forensic4cast.com/forensic-4cast-awards/
- Reminder I'm up for voting in another category as well!
- and of course you can follow him on Twitter here: https://twitter.com/jaredcatkinson
You can watch the episode on youtube here: https://www.youtube.com/watch?v=uCffFc4r4-k
2. Adam over at Hexacorn is continuing to update his tool DeXRAY which can examine, extract and detail information about the malware that 20 different anti virus products. If you've ever been frustrated that the very thing you need to analyze is being withheld by an anti virus products quarantine this should help.
Read more about it and download it here: http://www.hexacorn.com/blog/2016/04/06/dexray-twentin-quarantino/
3. On the CYB3RCRIM3 blog there is a neat post covering the basic facts and a judges ultimate opinion regarding a civil case that involved the Computer Fraud and Abuse Act (CFAA). While there are alot of criminal cases out there that have CFAA charges there are few civil CFAA cases that I know of, outside of the ones I've been involved in.
4. Harlan has a new post up on his blog Windows Incident Response. It covers some new WMI persistence techniques he's seen used by attackers in the wild. Not only does Harlan link to a blog he wrote for SecureWorks on the topic but he also linked to a presentation written by Matt Graeber from Mandiant.
5. Also on Harlan's Blog he's let us know that the 2nd version of Windows Registry Forensic is out!
Read more about here and get a copy for yourself! http://windowsir.blogspot.com/2016/04/windows-registry-forensics-2e.html
6. The 2016 Volatility Plugin Contest is live! If you have an idea or just want to go through the learning process of how to write a Volatility plugin for cash and prizes you should go here: http://volatility-labs.blogspot.com/2016/04/the-2016-volatility-plugin-contest-is.html
Did I miss something? Let me know in the comments below!
Also Read: Daily Blog #368
Post a Comment