Comments on grand stream dreams: Security and Forensics Roundup #4: Eyes on you

Claus, 2009-01-24T11:10:00.000-06:00

@ Nathaniel - Dude! That's an awesome find!

What's more...it is fully portable so it can be toted around on a USB stick.

Sweet! Thanks for passing along the tip. I'll add it in to my next software linkpost!

Cheers!

Nathaniel, 2009-01-23T22:23:00.000-06:00

Don't know if you saw it on the Exiftool page, but there is a Windows GUI for it that seems pretty good. http://freeweb.siol.net/hrastni3/foto/exif/exiftoolgui.htm

Have yet to get around to it, but I downloaded Exiftool so I could change incorrect timestamps on photos (forgot to reset the camera clock!).

Claus, 2009-01-19T19:58:00.000-06:00

@cdman83 - Great post! Thanks for sharing it with me!

<A HREF="http://hype-free.blogspot.com/2009/01/how-permissive-is-windows-autoruninf.html" REL="nofollow">How permissive is the Windows autorun.inf parsing?</A>

I really like the suggestion about running strings.

<A HREF="http://www.foundstone.com/us/resources/proddesc/bintext.htm" REL="nofollow">Foundstone's BinText</A> might also be a standalone executable that could help screen it in a GUI interface.

Sysinternals has its <A HREF="http://technet.microsoft.com/en-us/sysinternals/bb897439.aspx" REL="nofollow">Strings</A> which is CLI (and might turn off the casual users).

Finally the brilliant Didier Stevens walks us through both tools in his older post <A HREF="http://blog.didierstevens.com/2006/07/07/viewing-strings-in-executables/" REL="nofollow">Viewing strings in executables</A>.

Good stuff and thank you very much for the added investigative work.

I think this type of "attack" by misdirection might become more common.

Especially if it takes the form as seen in this latest F-secure post that is also related to both the autorun.inf file as well as Windows Vista and Windows 7.

<A HREF="http://www.f-secure.com/weblog/archives/00001586.html" REL="nofollow">Social Engineering Autoplay and Windows 7</A>

--Cheers!

Anonymous, 2009-01-18T10:35:00.000-06:00

Thanks for that post on drive wipes - certainly interesting research. We have a few tin-foil hatters at my corporation who still do the 3-pass wipe in fear that data could still be recovered otherwise. Ha, if you have any ideas on how to convince these people 1-pass is all you need, please let me know!

Cd-MaN, 2009-01-18T02:15:00.000-06:00

A little ping: the autorun.inf parsing is even more permissive than the one shown by the F-Secure people. Check out my little research about the topic: http://hype-free.blogspot.com/2009/01/how-permissive-is-windows-autoruninf.html

You can make it so that you won't see <I>anything</I> of use with the standard tools.