Hello Reader,
It's Saturday! I'm feeling better and the skies are blue; it's time to drop the kids off with the grandparents and get ready for another week! Time for more links to make you think in this week's Saturday Reading!
1. We had a great Forensic Lunch this week! Our guests this week (in order of appearance):
- Mari DeGrazia, @maridegrazia, talking about her research into the Thunderbird email client, its variations and the tool she has put out to work with it. You can read her post about this on her blog as well as grab the tool here: http://az4n6.blogspot.com/2014/04/whats-word-thunderbird-parser-that-is.html
- Hal Pomeranz, @halpomeranz, talking about his research into encrypted iTunes backups: how to extract what's contained within them and when they were made. Very cool stuff. Here are the links Hal mentioned:
  - Stack Overflow discussion of the manifest.mbdb file: http://stackoverflow.com/questions/3085153/how-to-parse-the-manifest-mbdb-file-in-an-ios-4-0-itunes-backup
  - Hal's tool, mbdbls: https://github.com/halpomeranz/mbdbls
- Lucas Zaichkowsky, @LucasErratus, from AccessData talking about his work there and a new reveal of their unified cybersecurity/response/forensics platform. Very cool stuff that I didn't realize they were already viewing. I'll have to get a better understanding of this technology!
You can watch it here:
https://www.youtube.com/watch?feature=player_embedded&v=mNLOokxME5A
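To make Hal's segment concrete, here is an added example (my own code, not from the post and not Hal's mbdbls, which is written in Perl) that parses a Manifest.mbdb the way the Stack Overflow thread above describes it: a 6-byte "mbdb\x05\x00" header, then back-to-back records of five length-prefixed strings (2-byte big-endian length, 0xFFFF meaning "absent") followed by fixed-width big-endian integers and an optional property list. The one thing a backup examiner most needs from it is the mapping from a record to the opaque file name in the backup folder, which is sha1(domain + "-" + path). The sample bytes are constructed inline with a small builder so the example runs offline; the field names and the helper functions are mine, and the example applies to the backup format current when the post was written (later iOS versions moved this index into a SQLite Manifest.db).

```python
import hashlib
import struct
from dataclasses import dataclass, field
from datetime import datetime, timezone

MBDB_MAGIC = b"mbdb\x05\x00"   # 4-byte magic followed by version bytes 0x05 0x00
# mode, inode, uid, gid, mtime, atime, ctime, length, flag, number of properties
FIXED_FIELDS = ">HQIIIIIQBB"


@dataclass
class MbdbRecord:
    domain: str
    path: str
    link_target: str
    data_hash: bytes          # SHA-1 of file content; empty for directories/symlinks
    key_blob: bytes           # wrapped per-file key, populated in encrypted backups (opaque here)
    mode: int
    inode: int
    uid: int
    gid: int
    mtime: int                # Unix epoch seconds
    atime: int
    ctime: int
    length: int
    flag: int
    properties: dict = field(default_factory=dict)

    @property
    def backup_filename(self) -> str:
        """Name of this record's data file inside the backup folder: sha1(domain-path)."""
        return hashlib.sha1(f"{self.domain}-{self.path}".encode("utf-8")).hexdigest()

    @property
    def is_regular_file(self) -> bool:
        return (self.mode & 0xF000) == 0x8000

    def mtime_utc(self) -> datetime:
        return datetime.fromtimestamp(self.mtime, tz=timezone.utc)


def _read_string(buf: bytes, off: int):
    """Length-prefixed string: 2-byte big-endian length, 0xFFFF means 'no string'."""
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0xFFFF:
        return b"", off
    if off + n > len(buf):
        raise ValueError(f"truncated string field at offset {off}")
    return buf[off:off + n], off + n


def parse_mbdb(data: bytes):
    """Parse a whole Manifest.mbdb into MbdbRecord objects (hypothetical helper, mine)."""
    if data[:6] != MBDB_MAGIC:
        raise ValueError("not a Manifest.mbdb (bad magic)")
    off, records = 6, []
    while off < len(data):
        strings = []
        for _ in range(5):            # domain, path, link target, data hash, key blob
            s, off = _read_string(data, off)
            strings.append(s)
        fixed = struct.unpack_from(FIXED_FIELDS, data, off)
        off += struct.calcsize(FIXED_FIELDS)
        props = {}
        for _ in range(fixed[-1]):    # last fixed field is the property count
            name, off = _read_string(data, off)
            value, off = _read_string(data, off)
            props[name.decode("utf-8", "replace")] = value
        records.append(MbdbRecord(*(s.decode("utf-8", "replace") for s in strings[:3]),
                                  strings[3], strings[4], *fixed[:-1], props))
    return records


def list_backup(data: bytes):
    """Per-file listing in the spirit of mbdbls: (backup file name, domain, path, mtime, size)."""
    return [(r.backup_filename, r.domain, r.path, r.mtime_utc().isoformat(), r.length)
            for r in parse_mbdb(data) if r.is_regular_file]


def _mbdb_string(s):
    return b"\xff\xff" if s is None else struct.pack(">H", len(s)) + s


def build_record(domain, path, mode, mtime, length, data_hash=None, props=None):
    """Constructed record for a synthetic Manifest.mbdb (test fixture, not real backup data)."""
    props = props or {}
    out = b"".join(_mbdb_string(x) for x in (domain, path, None, data_hash, None))
    out += struct.pack(FIXED_FIELDS, mode, 0, 501, 501, mtime, mtime, mtime, length, 0, len(props))
    for k, v in props.items():
        out += _mbdb_string(k) + _mbdb_string(v)
    return out


# Constructed sample: an SMS database, its parent directory, and one third-party app file.
SAMPLE_MBDB = MBDB_MAGIC + b"".join([
    build_record(b"HomeDomain", b"Library/SMS/sms.db", 0o100644, 1399334400, 65536, b"\x00" * 20),
    build_record(b"HomeDomain", b"Library/SMS", 0o040755, 1399334400, 0),
    build_record(b"AppDomain-com.example.app", b"Documents/notes.txt", 0o100644, 1399334460, 12,
                 props={b"ProtectionClass": b"\x00\x00\x00\x01"}),
])

if __name__ == "__main__":
    for row in list_backup(SAMPLE_MBDB):
        print(*row, sep="\t")
```

The sha1 mapping is the piece worth remembering: HomeDomain-Library/SMS/sms.db hashes to 3d0d7e5fb2ce288813306e4d4636395e047a3d28, which is the file name the message database always has inside an unencrypted backup folder, so a listing like this lets you go straight from the mbdb index to the artifact on disk and to the mtime/atime/ctime the backup recorded for it.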
2. Harlan has a new post up on his blog with updates; most important to me are the new plugins available for RegRipper! http://windowsir.blogspot.com/2014/05/new-stuff.html
While I use a variety of tools, it's rare for me not to have RegRipper on hand.
3. David Kovar has a new post up on his view of Incident Response as it stands today, http://integriography.wordpress.com/2014/05/06/if-you-are-doing-incident-response-you-are-doing-it-wrong/. It's a good post that should help you put your reactive response efforts into the perspective of established emergency management processes, so that you manage rather than respond.
4. Over on the Linux Sleuthing blog there is a new post showing how to use command line tools to parse search queries from history plists, a nice walk-through if you don't speak grep/sed/awk/regex: http://linuxsleuthing.blogspot.com/2014/05/searching-for-searches.html
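The same job done in Python, as an added example that is not from the Linux Sleuthing post or this one: load the plist with the standard library, walk every dictionary in it, and pull the search terms out of any URL whose host is a search engine, decoding the query string along the way (so "forensic+lunch" and "manifest.mbdb%20parser" come back as the words the user typed). The sample plist is constructed inline and only loosely modeled on the older Safari History.plist layout (a WebHistoryDates array of per-URL dicts with the URL under an empty key and lastVisitedDate as seconds since 2001-01-01 UTC); that layout, the engine-to-parameter table, and the function names are assumptions for the example. If your history is a binary plist, this reads it directly without needing plutil first.

```python
import plistlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

COCOA_EPOCH = 978307200   # 2001-01-01T00:00:00Z, the reference date Apple timestamps count from

# Query-string parameter that carries the search terms per engine (assumed table; extend as needed).
SEARCH_PARAMS = {
    "www.google.com": "q",
    "www.bing.com": "q",
    "duckduckgo.com": "q",
    "search.yahoo.com": "p",
    "www.youtube.com": "search_query",
}


def iter_dicts(node):
    """Yield every dict in a parsed plist, however deeply nested."""
    if isinstance(node, dict):
        yield node
        for v in node.values():
            yield from iter_dicts(v)
    elif isinstance(node, list):
        for v in node:
            yield from iter_dicts(v)


def cocoa_to_iso(value):
    """Convert a Cocoa timestamp (seconds since 2001, stored as a string) to ISO 8601 UTC."""
    try:
        ts = float(value) + COCOA_EPOCH
    except (TypeError, ValueError):
        return None
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def extract_searches(plist_bytes: bytes):
    """Return (visit time, engine host, decoded search terms) for every search-engine URL."""
    hits = []
    for d in iter_dicts(plistlib.loads(plist_bytes)):
        when = cocoa_to_iso(d.get("lastVisitedDate"))
        for v in d.values():
            if not isinstance(v, str) or not v.startswith(("http://", "https://")):
                continue
            u = urlsplit(v)
            param = SEARCH_PARAMS.get(u.hostname or "")
            if not param:
                continue
            for term in parse_qs(u.query).get(param, []):   # parse_qs URL-decodes for us
                hits.append((when, u.hostname, term))
    return hits


def constructed_history_plist() -> bytes:
    """Synthetic binary plist for this example; constructed, not real browser data."""
    entries = [
        {"": "https://www.google.com/search?q=forensic+lunch&ie=UTF-8",
         "lastVisitedDate": "421000000.0", "title": "forensic lunch - Google Search"},
        {"": "https://www.google.com/", "lastVisitedDate": "421000010.0", "title": "Google"},
        {"": "http://duckduckgo.com/?q=manifest.mbdb%20parser", "lastVisitedDate": "421000020.0"},
        {"": "https://search.yahoo.com/search?p=regripper+plugins", "lastVisitedDate": "421000030.0"},
        {"": "http://windowsir.blogspot.com/2014/05/new-stuff.html", "lastVisitedDate": "421000040.0"},
    ]
    return plistlib.dumps({"WebHistoryDates": entries, "WebHistoryFileVersion": 1},
                          fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    for when, host, term in extract_searches(constructed_history_plist()):
        print(when, host, term, sep="\t")
```

Walking every dict rather than hard-coding the Safari keys is deliberate: it costs nothing on a small history file and means the same function keeps working on a plist whose outer structure differs from what you expected, which is the usual surprise with Apple artifacts across OS versions.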
5. Michael Maurer has a new post up on the DiFT blog announcing the alpha release of a virtual machine that will take your supertimeline data into Logstash and thus Elasticsearch/Kibana. A great resource if you don't have a team of developers on hand to solve all of these things for you: http://diftdisk.blogspot.com/2014/05/dift-alpha.html