Here is a mini-roundup of some great forensic posts I bookmarked over the past few weeks.
- There Are Four Lights: Incident Response - Windows Incident Response blog - I’m always on the lookout to be humbled (and schooled) in better incident response methodologies.
- There Are Four Lights: LNK Parsing tools - Windows Incident Response blog
- Crossing Streams - Windows Incident Response blog
- RegRipper Updates - Windows Incident Response blog
- The Tool Validation "Myth-odology" - Windows Incident Response blog - file under “know your tools”.
- Good Reading, Tools - Windows Incident Response blog
- Unleashing auto_rip - Journey into Incident Response blog - nice new tool walkthrough that leverages “RegRipper” for doing some pre-assessment of a potentially compromised system.
- Is WinFE still being used? - Windows Forensic Environment blog. Uh, Hell Yeah it is! This post has some excellent links on how WinFE is being used, and ways to build your own. Of course Brett Shavers’ WinFE blog is littered with links, tools, and tips on how to do that if you didn’t already realize it!
- A Windows Live CD plugin for my UserAssist utility - Didier Stevens - (updated)
- Control Panel Forensics: Evidence of Time Manipulation and More - Cool stuff from Chad Tilbury over on the SANS Computer Forensics and Incident Response blog.
Meanwhile, in the world of digital forensics, our dear friend Dr. Neal Krawetz has had his hands full between teaching us the nuances of digital image forensics and fighting the noble fight against clarity, objectivity, and transparency in the world of digital news photography and photography contests. You go Dr. Krawetz!
- Unbelievable - The Hacker Factor Blog
- Angry Mob - The Hacker Factor Blog
- Deep Dive - The Hacker Factor Blog
When I grow up I want to be a gothic physical/digital forensic examiner…just like Abby Sciuto!
(IN)SECURE Magazine - June 2013 edition (PDF download) covers a number of great topics this month including:
- Becoming a computer forensic examiner
- UEFI secure boot: Next generation booting or a controversial debate
- How to detect malicious network behavior
- DNS attacks on the rise: Rethink your security posture
- IT security jobs: What's in demand and how to meet it
- Remote support and security: What you don’t know can hurt you