Blog Posts Tagged with "Forensics"
Memory Forensics: Pull Process and Network Connections from a Memory Dump
November 23, 2011 Added by:Dan Dieterle
From the output of the command, we see the physical memory location, process name and the PID number of all processes that were running. This helps deduce if something was running that should not have been and allows you to view programs that may be running under the process...
Comments (0)
Memory Forensics: How to Pull Passwords from a Memory Dump
November 13, 2011 Added by:Dan Dieterle
We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the SYSTEM and SAM keys...
Comments (0)
Registry Analysis with Reglookup
November 10, 2011 Added by:Andrew Case
This tool recovers deleted entries within registry hives, then reports them in a CSV format similar to reglookup. This capability has fairly obvious applications in forensics investigations, and investigators should consider adding reglookup-recover usage to their forensics process...
Comments (0)
Memory Forensics: How to Capture Memory for Analysis
November 10, 2011 Added by:Dan Dieterle
Analysts use memory dumps to analyze malicious software. Once you have the memory dump, you can perform some very interesting analysis on it, like viewing what processes and programs were running on the machine, and what network connections the system had. You can even pull passwords from them...
Comments (2)
NYSBA Releases E-Discovery Best Practices Guidelines
November 04, 2011 Added by:Headlines
The guidelines are organized in a systematic fashion covering topics applicable to electronically stored information before, during and after e-discovery has occurred and includes coverage of legal holds, adequate preservation, investigations, duty to preserve, inadvertent alteration...
Comments (0)
Open Source Registry Decoder 1.1 Tool Released
November 02, 2011 Added by:Andrew Case
We are announcing the release of Registry Decoder 1.1, a free and open source tool. We are reaching out to practitioners and research groups (professional and academic) in an attempt to proliferate Registry Decoder. We would appreciate any plugins contributed from these communities...
Comments (0)
File Forensics: Unzipping Word Docs to See XML Source
October 16, 2011 Added by:Dan Dieterle
Run the Docx file through an unzip program and you can see several files and folders full of XML data. You will also find information that could be very useful for forensics, including file revision, creation and modify dates, document creator and the last person to modify the document...
Comments (1)
Digital Evidence and Computer Crime
September 28, 2011 Added by:Ben Rothke
When it comes to digital crime, the evidence is often at the byte level, deep in the magnetics of digital media, invisible to the human eye. That is just one of the challenges of digital forensics, where it is easy to destroy crucial evidence and often difficult to preserve it correctly...
Comments (0)
Forensics for Network, Internet, and Cloud Computing
September 06, 2011 Added by:Tony Campbell
A number of chapters had a very long and complete reference section, while a few chapters had no reference section at all, yet it was obvious that they required a reference section. And poor screenshots and lack of references seem like laziness on behalf of the author and publisher...
Comments (0)
EFF Releases 'Know Your Digital Rights' Guide
June 28, 2011 Added by:Headlines
"Sometimes police can search your computer whether you like it or not, but sometimes they can't. We wrote this guide to help you tell the difference and to empower you to assert your rights when the police come knocking..."
Comments (0)
Understanding Network Forensics Makes Security Smarter
June 05, 2011 Added by:Kelly Colgan
Recovering successfully from a breach is definitely something to shoot for. But nothing makes executives smile, or helps build back customer confidence, more than putting the bad guys behind bars. It makes for good news headlines. Plan for it...
Comments (0)
Osama Bin Laden's Computer Files and Data Encryption
May 06, 2011 Added by:Headlines
"Correctly implemented encryption is very difficult to break. If data is encrypted correctly using good, best practices, I'm not aware of the ability to break that encryption. If correctly implemented and done by someone who understands how to do it, it's a huge, huge challenge..."
Comments (0)
Log Forensics and “Original” Events
April 03, 2011 Added by:Anton Chuvakin
Since the early days of my involvement in SIEM and log management, this question generated a lot of delusions and just sheer idiocy. A lot of people spout stuff like “you need original logs in court” without having any knowledge about forensics in general. So, what is an “original” event?
Comments (0)
Solid-State Disk Behavior Underlying Digital Forensics
March 06, 2011 Added by:Robert Gezelter
What was previously a simple matter of running a recovery utility against a disk with corrupted structures may now involve multiple actors, all of which are operating with no mechanisms for synchronization. The possible risks may invalidate sound operating procedures, leading to data loss...
Comments (0)
Electronic Discovery and Digital Forensics: The Applications Front
February 28, 2011 Added by:Robert Gezelter
Attorneys and Information Technologists need to cooperate to identify relevant data and ensure that both the raw data and the technological context needed to understand data files are preserved to protect all interests, both actual parties and otherwise non-involved third parties...
Comments (0)
Digital Forensics and E-Discovery on OpenVMS
February 21, 2011 Added by:Robert Gezelter
OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...
Comments (0)