Sunday, April 05, 2009

Economic Stimulus Package Linkfest

Side note: Is it just me or do none of these freespace wiping program tools seem to work under Vista very well? I think I’m missing something here. I’ve been playing with them and I can run DiskDigger and find a large number of deleted (but recoverable) files. Then I do a freespace wipe (as admin level) using either of these tools. Then I rerun DiskDigger and the files are still all there and recoverable. Surely I’m doing something wrong? It’s not just the “names” but the actual files themselves as I can preview most of them just fine in the clear. Thoughts?

Update -- Turns out this issue looks like a "Doh!" moment. I went back and re-read the DiskDigger product info and on the page (linked above) found this tidbit: "Because DiskDigger bypasses the file system of the device being read, it will detect files that haven’t been deleted in addition to files that have. This means that you might have to sift through files that still “exist” in the file system before you find a file that’s actually been deleted. However, the Preview feature makes this process quick and painless."

Looks like the freespace was probably getting wiped effectively after all. DiskDigger is just displaying all files it finds. I'm going to have to retest with Recuva as I believe it only reports truly "deleted" files. That and do some sector-based testing as well (create file, observe sector location, delete file, wipe freespace, go back with sector viewer tool and see if now gone).
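The sector-based test sketched above can be scripted. This is an added example, not code from this post or from any of the tools mentioned: it assumes you fill the test file with a unique marker before deleting it, then scan a raw image of the volume (or the raw device opened read-only) for that marker after the wipe. The function names, the `WIPETEST` tag and the 512-byte sector size are assumptions of the example.

```python
import io
import os

CHUNK = 1 << 20      # read size; hits spanning two reads are still found
SECTOR = 512         # assumed logical sector size

def make_canary(tag: bytes = b"WIPETEST") -> bytes:
    """Unique marker to write (repeatedly) into the test file before deleting it."""
    return tag + b"-" + os.urandom(16).hex().encode() + b"-" + tag

def find_canary(stream, canary: bytes, chunk: int = CHUNK) -> list[int]:
    """Return the absolute byte offset of every canary occurrence in a raw stream."""
    hits, tail, base = [], b"", 0          # base = offset of the next block read
    keep = len(canary) - 1                 # bytes carried over between reads
    while True:
        block = stream.read(chunk)
        if not block:
            break
        buf = tail + block                 # buf starts at offset base - len(tail)
        start = 0
        while (i := buf.find(canary, start)) != -1:
            hits.append(base - len(tail) + i)
            start = i + 1
        # The carried tail is shorter than the canary, so no hit is counted twice.
        tail = buf[-keep:] if keep else b""
        base += len(block)
    return hits

def to_sectors(offsets: list[int], sector: int = SECTOR) -> list[int]:
    """Map byte offsets to sector numbers for cross-checking in a sector viewer."""
    return sorted({off // sector for off in offsets})

if __name__ == "__main__":
    # Constructed sample data: a 4 KiB "volume" with one leftover canary,
    # then the same volume after a wipe that zeroed the free space.
    canary = make_canary()
    before = bytearray(4096)
    before[1000:1000 + len(canary)] = canary
    after = bytes(4096)
    for label, image in (("before wipe", bytes(before)), ("after wipe", after)):
        hits = find_canary(io.BytesIO(image), canary, chunk=1024)
        print(label, "offsets:", hits, "sectors:", to_sectors(hits))
```

Because the scan looks only for the marker and ignores the file system, a hit after the wipe means the data really survived, which sidesteps the live-versus-deleted confusion with DiskDigger.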

  • HelixCE Community Edition - Download HelixCE200401brc1.iso RC1!!! – The community edition of Helix looks to be near release. For some reason the ISO link isn’t working at the moment. Maybe it will be up early this week? Looking forward to seeing how the efforts are playing out here.

  • DEFT Extra (Windows Forensics GUI 1.0) and DEFT v4.2 DEFT Linux - Computer Forensics live cd – The DEFT crew is getting ready to release what looks to be a bang-up version this week. Looks to have an exciting “run-on-Windows” launching tool like CAINE or HELIX3 both have.

  • Ophcrack – New version with some new features is released.

  • Offline NT Password & Registry Editor – If you can’t crack it, reset it. I somehow missed that an updated version of this Windows 2000/XP/Vista/(Windows 7?) tool got released in August 08. Had to snag this newer version.

  • Offline-Update 5.2 with Internet Explorer 8 – New version now supports IE8 deployments (or not). Arguably one of the two or three best off-line Windows system updating and patching tools out there. If you are a sysadmin, you had better be familiar with this tool. If you are the family-IT support guy or gal, it is well recommended to keep an updated and packed version handy on your USB stick or CD before you go visiting.

  • PDFiD « Didier Stevens – Neat free tool to look for exploits in PDF files. Cool!

