Daily Blog #342 Saturday Reading 5/31/14

Saturday Reading by David Cowen - Hacking Exposed Computer Forensics Blog
Hello Reader,
       It's Saturday! Another week of forensics has passed us by and its time reflect on facts hard fought and mysteries left to solve. It's time for more links to make you think in this weeks Saturday Reading.

1. We had a fun Forensic Lunch this week with:
  • Sarah Edwards, @iamevltwin, talking about her presentation on Mac/OSX malware at the SANS DFIR Summit. Here are the slides from her presentation at Bsides NOLA https://googledrive.com/host/0B_qgg13Ykpypekw4d2hwLVJmeDg/REMacMalware.pdf
  • Lee Whitefield, @lee_whitfield, talking about the current Trucrypt conspiracy theories and what may have happened
You can watch it here: https://www.youtube.com/watch?v=4ZWP9ZZ71bk

2. Over on the Apple Examiner blog here is a new writeup on making a portable OSX triage workstation, if you are a OSX user its a good read http://www.appleexaminer.com/MacsAndOS/Analysis/HowTo/PFW/PFW.html

3. The volatility blog has been updated with a large set of information, including updates on their book and the announcement of their yearly plugin contest. Get involved and win a prize! http://volatility-labs.blogspot.com/2014/05/volatility-update-all-things.html

4. On the Digital Forensic Tips blog there is a writeup on how to deal with Trucrypt in your investigations, its a good summary and worth a read http://digitalforensicstips.com/2014/05/some-basic-options-when-dealing-with-truecrypt-aka-finally-a-forensics-post/

5. On the hexacorn blog Adam has a write up about a new malware variant that is targeting Windows Sidebar gadgets, http://www.hexacorn.com/blog/2014/05/24/upatres-gadgetry/

6. Brian Moran has a new blog up in his series on artifacts of Bluetooth data exfil, read part 4 here http://brimorlabs.blogspot.com/2014/05/bluetooth-for-data-exfiltration-say_29.html

7. The papers presented at DFWRS EU 2014 are up and I'm looking forward to reading new research, http://dfrws.org/2014eu/program.shtml, you might seem some blog posts pop up on the most interesting to me

8. Glen Edwards, Jr and Ian Ahl of fireye put up their slides from Bsides NOLA called 'Mo' Memory No Problems' https://speakerdeck.com/hiddenillusion/mo-memory-no-problem

9. The Open Security Research blog has been updated with a how to guide to remote memory acquisition in Linux, very cool http://blog.opensecurityresearch.com/2014/05/acquiring-linux-memory-from-server-far.html

10. J Michel has posted a step by step walk through of a journey into chip off, something I'm very interested in http://blog.j-michel.org/post/86992432269/from-nand-chip-to-files

Also Read: Daily Blog #341

Post a Comment