Daily Blog #153: Saturday Reading 11/23/13

Hello Reader,
It's Saturday! I had a bit too much fun playing the Hearthstone beta last night so I didn't post this the night before like I usually do, no reason not to share good links though!

1. Forensic Lunch went down yesterday! We had Mari DeGrazia on to talk about her research into SQLite deleted data recovery, and Eric Zimmerman talking about being the first Xways Xpert and OsTriage v2. Watch it here.

2. Yogesh Khatri has been putting up some good blog posts this week regarding changes in USB device forensics in Windows 8. He's done this in two posts this week: the first is on new registry entries from USB device removal with timestamps, very cool! The second covers which event logs are not being created on USB device insertion and removal. This is great stuff and hopefully he'll keep going!

3. In an interesting civil case over on the CYB3RCRIM3 blog, an unhappy consumer sued Best Buy and represented himself. This case is interesting to me because the claims revolved around not just the typical warranty issues but also the malware/spyware found on his computer. Good reading for anyone buying computers and warranties from a retailer.

4. On Forensic Focus there is a new article up on new metadata found in OSX Mavericks, read it here. The article goes into two different types of new metadata found in OSX Mavericks: email attachments saved to disk and file tagging.

5. Harlan has a new post up on using the 'sniper forensics' methodology of examination to quickly find malware and reduce analysis time. He then goes into working with Volatility and the steps he took in using it for memory analysis. A good read you can see here.

6. If you are doing forensics on OSX systems you're going to run into virtual machines, as most users run their Windows apps in Parallels or Fusion. This can be a pain as you want a forensic image to work with in most of your tools. This article on appleexaminer goes through how to convert these images to raw/dd images using qemu.

7. Dealing with Dropbox on Windows XP and want to decrypt more of the databases? Magnet Forensics has updated their tool to now work against any Dropbox database and it's free!

8. Forensic Femmes has a good interview with Sk3tchmoose aka Melissa Augustine about her work in DFIR.

9. The Volatility guys put up some more training dates, this is a class I'd like to take in the future!

That's all for this week, lots of good stuff out there. Sunday Funday is coming up shortly after!
Daily Blog #153: Saturday Reading 11/23/13 Reviewed by David Cowen on November 23, 2013 Rating: 5

All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020