Last week must have been pretty quiet as folks prepared for the Easter weekend. I didn’t collect nearly as much material as usual.
That’s a good thing seeing as I’m still digging out the piles of linkage I’ve been buried under.
Submitted for your edification:
NoVirusThanks - Funny name, great tools and freeware utilities for sysadmins and incident responders alike. I have a few other “elite go-to” sources that offer a spectacular range of utilities for my prime toolsets, and I’ve had to add NoVirusThanks to my list.
- Sysinternals Utilities - Microsoft SysInternals.
- Nirsoft - Nir Sofer’s amazing collection of freeware tools and utilities.
- woanware - Mark Woan’s collection of forensics and network security utilities.
There are lots of other great producers of quality freeware Windows tools and utilities for system administration, incident response, and forensics, but these sites seem to pack the best of them into a single place.
Just when I thought I’d covered the series in my last post, Girl, Unallocated slips in a new installment, #2.4, with some timeline/SIFT work.
- Case Experience #2 - IP Theft Investigation Thought Process
- Case Experience #2.1 - More About IP Theft Thought Process
- Case Experience #2.2 - Let the Digging Begin
- Case Experience #2.3 - Digging Into the Registry
- Case Experience #2.4 - Exposing Kilroy with Log2Timeline
David Kravets from Wired’s Threat Level authored the post How Forensics Claims Facebook Ownership Contract Is 'Forged', which offers some certainly interesting items out of a forensic examination. I find value in reading publicly released incident response and forensic analysis reports to pick up tips, as well as to try to understand the good, the great, and especially the less-than-stellar (to then be avoided) in the techniques used.
New Tools, Registry Findings - Windows Incident Response blog - Harlan Carvey passes on some new tips, tools, and registry bits of his own, one of which is the super-handy RegRipper Plugins maintenance tool from the super-cool Cheeky4n6Monkey. Read both Harlan’s and Cheeky’s posts to get some idea of whether this tool would be helpful.
Get out the Vote!
The Forensic 4cast Awards, hosted by Forensic 4cast, are open for voting through June 17th.
Take a look at the stellar nominees for each category and pass some love and kindness in support of the hard work these oft-unrecognized forensicators do day-in and day-out. Everybody likes some props now and then and here’s a way to show your appreciation for the top-shelf work done in the forensic community. Go and Meet the 2012 Nominees then cast a vote.
The humble GSD blog treads far below these giants but it was cool to see a kind link-back over in a recent SANS Digital Forensics Case Leads blog post. That’s some mighty fine company to be sandwiched amongst. I’m encouraged that some of these posts are as helpful to others as they are rewarding for me to share. Semper paratus, my friends.
Where’s That Image?
And here is how Claus finds new tools/techniques. Scary.
I was ripping through my RSS feed pile this past week and came across a post over at Boing Boing that piqued my interest: Moon boxes and mystery men. I’m a sucker for old black-n-white techy photos of stuff from bygone eras. Stuff like old space program photos, crazy industrial equipment, even the ads over at Phil Are Go!
While the question posed by Frank Munger was interesting, I was more curious if/where the photo had previously appeared on the WWW.
So I downloaded the “original” image, popped over to Google Images, clicked on the tiny blue camera in the search bar, uploaded the image I had downloaded and…bingo, I got the results. Of course, looking down a bit more on the page, I found that Frank Munger had since found the answer he was seeking (Y-12's moon-box mystery solved), although Boing Boing didn’t update their story. That particular itch was now considered scratched, but it did lead me to look around for more reverse-image search tools.
There may be times when you find an image on a system or drive and want some more information about it. You could search on the filename, but files can be renamed. While you may not be able to draw many conclusions from an image search, it might give you some additional context for understanding.
Since it has been quite a while since I last blogged about reverse-image-lookup tools on the web, there are some new ones worth bookmarking.
Bing Images - While Bing does some great image searches based on terms, it doesn’t (yet) seem to support reverse-image searching.
Anyone know of any other reverse image search sites and/or tools worth recommending?