Tuesday, May 12th, 2009 | Posted in F-Response, forensics, Incident Response | 5,569 views | 1 Comment
In Quick Incident Response Techniques I, II and III we talked about how to use F-Response and FTK Imager to gather hard drive and memory information from a remote system ... Read more..

Tuesday, May 12th, 2009 | Posted in Incident Response, Malware, Microsoft, Security | 11,168 views | No Comments
A while back Harlan posted Looking for "Bad Stuff", pt III (Malware Detection). In this post he outlined a method of talking about malware so that it could be more ... Read more..

Monday, May 11th, 2009 | Posted in F-Response, forensics, Incident Response | 4,843 views | 1 Comment
In our first Quick Incident Response Techniques I and II we talked about how to use F-Response and FTK Imager to gather hard drive and memory information from a remote ... Read more..

Friday, May 8th, 2009 | Posted in F-Response, forensics, Incident Response | 4,771 views | No Comments
Picking up where we left off in the last post, Quick Incident Response Techniques, we are about to connect to the hard drive and memory of a remote system. In ... Read more..

Friday, May 8th, 2009 | Posted in F-Response, forensics, Incident Response | 10,717 views | 4 Comments
When answers are needed fast an incident handler needs to be able to quickly gather pertinent ... Read more..

Wednesday, May 6th, 2009 | Posted in forensics, Incident Response | 5,473 views | 6 Comments
Here is a question for those of you collecting memory from systems: What do you do when you need to acquire memory from a 32-bit operating system that is running on ... Read more..

Wednesday, May 6th, 2009 | Posted in forensics | 6,533 views | 1 Comment
Although analyzing information provided in a system's memory is not a new trick, the tools that help us automate these tasks are still new. The three products that I am ... Read more..