Addressing Malware Issues from an Operational Perspective
By: Michael Robinson
For approximately four years, I was responsible for the operation of a Local Area Network (LAN). Over that time the user population and data stored on the LAN more than the...

Virtual Machine Data Recovery Using the Open VMFS Driver
By: JD Durick
While forensic evidence can be recovered from hypervisor-based virtual environments (VMware’s ESXi server) used to host virtual machines through other known methods, this blog will focus...

A Thought Provoking Way of Analyzing wtmp Files
By: Mark Wade
I was recently analyzing a FreeBSD computer system and was trying to determine from the wtmp files who had logged into the system, from what remote IP addresses, into what account and...

The Apple System Log – Part 1
By: Sarah Edwards
The Apple System Log was introduced in Mac OS 10.4 as a substitute for the syslog message logging functionality. These ASL files contain a variety of information that can be of use to...

Decoding Data Exfiltration – Reversing XOR Encryption
By: Brian Hussey
One of the first and most important questions that intrusion analysts are asked after a network attack is “did they steal anything?”. And if so, “what did they take?”. Often, this is...

The Apple System Log – Part 2 – Console.app
By: Sarah Edwards
Compatibility Note: This article was written using Console.app on 10.6 – 10.7 changes slightly but still contains the functionality contained in this article (actually more, check out...

How can VMware’s Virtual Disk Development Kit help the forensic examiner?
By: JD Durick
Many times during forensic examinations, the analyst will virtualize an acquired raw disk image given to them as a way of assisting in the overall investigation to help in the detection...

Harris @ DoD Cyber Crime Conference 2012
For all those readers attending the DoD Cyber Crime Conference, please don’t forget to visit us at booth #509. We love to talk nerd and you can meet some of this blog’s authors. We’re always looking to...

On the Difficulty of Autonomous Pornography Detection
By: John Ortiz
INTRODUCTION: I was watching the news the other day and saw a news report about a new product that claimed to be able to detect pornography on a PC. Fascinated, and knowing what a...

Reading Mac BSM Audit Logs
By: Sarah Edwards
The audit trail logs provide security related information, in particular user login/logoff data. By default, these logs record a user logging in and logging off via the login screen,...