Episode 23- Forensics on a Budget

The show notes are chock full o’ links for your reading/research pleasure.

News Links:

ImageUSB Utility: http://www.osforensics.com/tools/write-usb-images.html

Gawker Breach: http://www.businessinsider.com/gawker-hacked-2010-12

http://www.mediaite.com/online/gawker-medias-entire-commenter-database-appears-to-have-been-hacked/

LinkedIn Password Reset: http://news.cnet.com/8301-27080_3-20025688-245.html?tag=cnetRiver

Shameless plug for my Password episode: http://www.cybercrime101.com/episode-2-passwords

Fake Microsoft Security Update email: http://www.pcworld.com/article/215491/worm_planted_in_fake_microsoft_security_update.html?tk=twt_pcw

http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/

CEIC Conference: http://www.ceicconference.com/agenda.aspx

Forensic Software Links:

Red Wolf Forensics (Skype Log Parser, Prefetch Parser): http://redwolfcomputerforensics.com/index.php?option=com_content&task=view&id=42&Itemid=55

RegRipper: http://regripper.net/

The SleuthKit: http://www.sleuthkit.org/sleuthkit/desc.php

SANS Investigative Forensic Toolkit (SIFT) Workstation (SANS Portal Account required): http://computer-forensics.sans.org/community/downloads/

Internet Evidence Finder (Free to LEOs, $49.99 for everyone else): http://www.jadsoftware.com/go/

DCode (Decodes various time/date formats): http://www.digital-detective.co.uk/freetools/decode.asp

AccessData’s FTK Imager: http://accessdata.com/support/adownloads

Volatility (Memory Forensics Framework): https://www.volatilesystems.com/

Wireshark (Network Protocol Analyzer): http://www.wireshark.org/

ChromeAnalysis: http://forensic-software.co.uk/chromeanalysis.aspx

FoxAnalysis: http://forensic-software.co.uk/foxanalysis.aspx

Jonathan Krause’s awesome list of free forensic software: http://forensiccontrol.com/fcresources.php

Forensic Training and Resources:

SANS Reading Room: http://www.sans.org/reading_room/

SANS Free Webcasts: http://www.sans.org/webcasts/

National White Collar Crime Center (NW3C) Training: http://www.nw3c.org/ocr/courses_desc.cfm

Guidance Software (EnCase) Training Passport: http://www.guidancesoftware.com/computer-forensics-training-annual-training-passport.htm

Accessdata’s All Access Pass: http://accessdata.com/training/all-access-pass
Oh, and Ken forgot to mention his blog at http://digiforensics.blogspot.com/

ImageUSB available from PassMark Software

ImageUSB, a utility that allows you to copy an image to multiple USB Flash Drives, has been made available by PassMark Software.  This can be a great tool for academic purposes.  They claim the following on their site:

Unlike other USB duplication tools, ImageUSB can preserve all unused and slack space during the cloning process, including the Master Boot Record (MBR). ImageUSB can perform flawless mass duplications of all UFD images, including bootable UFDs.

It is in Beta as of this writing.  As always, make sure you test applications/utilities out prior to using in a production situation.

Joe
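The PassMark claim above is a sector-level one (unused space, slack and the MBR survive the copy), so the check an examiner would want before trusting any duplication tool is a byte-for-byte comparison rather than a file listing. The script below is an added example, not PassMark's code or anything from the show: it builds a small synthetic drive image (constructed here, not a real device), parses the MBR partition table, and compares an exact clone and a hypothetical lossy copier (modelled here as one that keeps the MBR and partition contents but zeroes unallocated sectors) against the source, reporting the first sector that differs.

```python
import hashlib
import struct

SECTOR = 512
MBR_ENTRY = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, LBA length


def build_sample_image(num_sectors: int = 64) -> bytes:
    """Construct a synthetic flash-drive image (assumption: not a real device).
    Sector 0 holds a minimal MBR with one partition entry and the 0x55AA
    signature; sectors 8-23 hold the partition payload; sectors 24+ are
    'slack' filled with a non-zero pattern so a clone that drops unused
    space is detectable."""
    image = bytearray(num_sectors * SECTOR)
    image[0:446] = b"\x90" * 446  # stand-in for bootstrap code, deliberately non-zero
    entry = struct.pack(MBR_ENTRY, 0x80, b"\x00\x00\x00", 0x0C, b"\x00\x00\x00", 8, 16)
    image[446:462] = entry        # bootable, type 0x0C (FAT32 LBA), LBA 8, 16 sectors
    image[510:512] = b"\x55\xAA"  # MBR boot signature
    image[8 * SECTOR:24 * SECTOR] = b"LIVEDATA" * (16 * SECTOR // 8)
    image[24 * SECTOR:] = bytes(i % 251 for i in range((num_sectors - 24) * SECTOR))
    return bytes(image)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def parse_mbr(image: bytes) -> dict:
    """Return the boot-signature check and the non-empty partition entries."""
    if len(image) < SECTOR:
        raise ValueError("image shorter than one sector")
    parts = []
    for i in range(4):
        off = 446 + 16 * i
        boot, _, ptype, _, lba_start, lba_len = struct.unpack(MBR_ENTRY, image[off:off + 16])
        if ptype != 0:
            parts.append({"bootable": boot == 0x80, "type": ptype,
                          "lba_start": lba_start, "lba_len": lba_len})
    return {"signature_ok": image[510:512] == b"\x55\xAA", "partitions": parts}


def verify_clone(source: bytes, clone: bytes) -> dict:
    """Compare a clone with its source: same length, same hash, same MBR, and
    on mismatch the first differing sector so the loss can be attributed."""
    result = {
        "same_length": len(source) == len(clone),
        "hash_match": sha256(source) == sha256(clone),
        "mbr_match": source[:SECTOR] == clone[:SECTOR],
        "first_diff_sector": None,
    }
    if not result["hash_match"]:
        n = min(len(source), len(clone))
        for off in range(0, n, SECTOR):
            if source[off:off + SECTOR] != clone[off:off + SECTOR]:
                result["first_diff_sector"] = off // SECTOR
                break
        else:
            result["first_diff_sector"] = n // SECTOR  # one image is simply longer
    return result


def simulate_lossy_clone(source: bytes) -> bytes:
    """Hypothetical copier that reproduces the MBR and partition contents but
    writes zeros over every unallocated sector (an assumption for illustration)."""
    clone = bytearray(len(source))
    clone[:SECTOR] = source[:SECTOR]
    for p in parse_mbr(source)["partitions"]:
        a, b = p["lba_start"] * SECTOR, (p["lba_start"] + p["lba_len"]) * SECTOR
        clone[a:b] = source[a:b]
    return bytes(clone)


if __name__ == "__main__":
    src = build_sample_image()
    print("MBR:", parse_mbr(src))
    print("exact clone:", verify_clone(src, bytes(src)))
    print("lossy clone:", verify_clone(src, simulate_lossy_clone(src)))
```

On a real acquisition the same idea is `sha256sum` over the source device and over the written drive (or the image file); the hashes agree only if slack and the MBR came across, which is exactly the property being claimed.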

Merry Christmas

Hey everyone,

I just wanted to wish you all a Merry Christmas and a healthy holiday season.  I also wanted to thank all of you for your support in making the show great.  I hope the show continues to evolve and get better in 2011.

Joe

The “InsideTheCyberCrime4Cast” Super Show is out

Lee over at Forensic4Cast has posted the audio from our super podcast, InsideTheCyberCrime4Cast.  It included Lee and me, as well as Dave Melvin & Chris Curran from Inside the Core.  There was even a triumphant return (sorry, I couldn’t think of a better phrase to throw in there) of Simon Whitfield to the 4Cast.

I had a blast with the guys and hopefully next time we will have Ovie Carroll from the CyberSpeak podcast join us.  Ovie was away on business and couldn’t make the show this time.

Joe

InsideTheCyberCrime4Cast show

Hey people,

Yesterday, I had the pleasure of recording the first ever “InsideTheCyberCrime4Cast” super show episode.  Aside from myself, there was Lee and his brother Simon (making his triumphant return) from Forensic4Cast, as well as Dave & Chris from Inside the Core.  We had a blast recording the show, but we missed having Ovie from Cyberspeak join us.  Ovie was away working and was unable to join us (next time maybe).

Once Lee posts the audio, I will link to it for your listening pleasure.

Joe

Gawker, Gizmodo & Lifehacker User Databases Compromised

The user databases for Gawker and its sister sites Gizmodo and Lifehacker have been compromised.  If you have a user account set up for any of those sites, change your password immediately!!!  If you use the same username & password on other sites, change those passwords IMMEDIATELY as well: a leaked username/password pair is the first thing an attacker will try against your other accounts.

If you haven’t listened to it yet, check out episode# 2 of the podcast for tips on creating passwords and suggestions for password generators/vaults.

As a side note….

I do find it funny how they chose to not allow comments on that article.

Episode 22- Firesheep, Sophos for Mac and REM Review

In this episode, I discuss the “Firesheep” extension for Firefox, Find My iPhone becoming a free service for iDevice users, Sophos’ free Anti-Virus application for the Mac OS and finally, I review the SANS Forensics 610 (Reverse Engineering Malware) course.
Links:

Firesheep-http://codebutler.com/firesheep

Article on Firesheep- http://www.computerworld.com/s/article/9192923/New_Firefox_add_on_hijacks_Facebook_Twitter_sessions

EFF & The TOR Project’s “HTTPS Everywhere” Firefox Extension- https://www.eff.org/https-everywhere

Find My iPhone- http://lifehacker.com/5696311/how-to-enable-and-use-find-my-iphone-for-free-on-iphone-3gs-and-other-pre+2010-devices

Sophos’ Free Anti-Virus for Mac OS X- http://www.sophos.com/products/free-tools/free-mac-anti-virus/

SANS REM Course- http://www.sans.org/security-training/reverse-engineering-malware-malware-analysis-tools-techniques-54-mid

I’m still here

Hey folks,

Sorry for the lack of a new episode recently.  I’ve been a bit busy in my personal life and haven’t had any time to record a show.  I promise to have a show out in the next week. I will be reviewing the SANS FOR 610 (Reverse Engineering Malware) Course and of course will have some News & other bits on there.

Thanks for the understanding and support,

Joe

Episode 21- 1 Year Anniversary and HacKid Recap

Hey everyone, I actually made it a year with the show.  Thank you for listening!!!

This show, I recap the HacKid Conference which was held October 9-10, 2010 in Cambridge, MA at the Microsoft NE Research & Development (NERD) Center.  It was a great experience and I am proud to be a part of it.  Look forward to more in the future!

Joe

My latest SANS Blog Post: Stuck on Stickies

My latest SANS Blog Post, Stuck on Stickies, is up for your reading pleasure.  It covers the artifact locations of various “Sticky Note” applications on Windows Vista/7, Mac OS X and Ubuntu Operating Systems.

Read it HERE

Also, keep an eye on the Forensic Artifacts site that I maintain with Matt Churchill.  I’ll be adding the “Sticky Note” info to that site as well.

Joe
