Daly Blog #258: Saturday Reading 3/8/14

Hello Reader,
It's Saturday, and boy, has the DFIR community been busy this week! We have 14 links to read this week, and I know I didn't cover everything that made its way out there! I guess the extended winter has more of us indoors and researching, so let's hope it lasts a little longer. It's time for more links to make you think on this week's Saturday Reading!

1. The Forensic Lunch was served up this week with a full plate of knowledge and some experience on the side. This week on the Forensic Lunch:
Doug Collins, talking about his career in DFIR and how to become a regular Sunday Funday winner

Mark Spencer, @arsenalrecon, talking about his work at Arsenal Experts and their tools (Registry Recon and Arsenal Image Mounter)

Sebastian Nerz, @tirsales, discussing the state of DFIR in Germany/EU

You can watch it here:

2. There is a new post on the SANS blog from Lenny Zeltser going over tools that are available for static analysis of malware and other executables.

3. Over on the Apple Examiner blog there is a good writeup for those of you doing forensics on OSX systems. There is a new driver out that allows mounting EXT file systems in OSX; read about it here.

4. If you are looking to become a testifying expert, or to become a better testifying expert, I would highly recommend reading Craig Ball's blog post located here.

5. I liked this post by Didier Stevens showing how to use .cat files to validate packages and determine whether you are dealing with a false positive or not.

6. I hope Adam's "Beyond the Run Key" series never ends, because it's fascinating. This week's entry shows how existing pinned applications can be manipulated for the execution of malware.

7. Over on Chad Tilbury's blog there is a new post called 'Forensics in the Post-Snowden Era'. Chad shows how the applications we rely on for artifacts are changing how they operate, making all of our lives harder.

8. Harlan has a new post up, and it's an amazing read. If you ever wanted a short but in-depth dive into damaged registry analysis, this is it!

9. Ian Duffy has a new post up this week continuing his series on MS Office internals. This one shows how to repair a document header, which can be the difference between having an interesting string and having a powerful document.

10. Interested in Windows 8 prefetch files? You should read over this post by Jared on the Invoke-IR blog to really get an understanding of the internals, with his excellent illustration:

11. Darren Windham, a serial Sunday Funday winner, has started a blog! He is chronicling the operation and review of a honeypot as he sees what the attackers decide to reveal about themselves. I plan to follow along.

12. Julia Desautels from Champlain has a new post up describing how to recover Google searches made through Google Glass.

13. Matt Bromiley over at the 505 Forensics blog is back with a follow-up from last week, this time showing how to use Logstash to bring a variety of non-JSON data sources into Elasticsearch. It's neat, check it out (We are in the lab!).

14. Lastly this week, here is a post by David Dym showing how to use his tool metadiver to analyze shell metadata from files.

Daly Blog #258: Saturday Reading 3/8/14, by David Cowen, March 07, 2014


All Rights Reserved by Hacking Exposed Computer Forensics Blog © 2014 - 2020