Security Reference

http://www.networkforensics.com/category/decompile/ Something I’ve found unsettling for some time now is the drastically increased usage of gzip as a Content-Encoding transfer type from web servers. By default now, Yahoo, Google, Facebook, Twitter, Wikipedia, and many other organizations compress the content they send to your users. From that list alone, you can infer that most of the HTTP traffic on any given network is not transferred in plaintext, but rather as compressed bytes. As it turns out, the two screenshots above are for the exact same network session, the latter screenshot being from Wireshark and showing that the data sent by the webserver really is compressed and not discernible.

Network Forensics Blog » Decompile

Zeus Indicators

http://cheeky4n6monkey.blogspot.com/ So all this talk of Windows 7 Jumplists (e.g. here and here) got me thinking: what if you needed to look up an AppID and didn't have access to the Internet? Also, is there any way we can import a list of AppIDs so we can then access them from some future scripts (e.g. for processing Jumplists)? I then had my "Aha!" moment (no, nothing to do with that 80s band) and thought "SQLite!" SQLite also has the benefit of being cross-platform, so an AppID list generated on SIFT should work on a PC etc.

Cheeky4n6Monkey - Learning About Digital Forensics

http://www.sysforensics.org/2012/04/ietabie65-malware-analysis.html

System Forensics: IETab_IE65 Malware Analysis

So I decided to pick another "South Korean" piece of malware to keep things local. I was browsing around and came across one called IETab_IE65.exe. To be honest, I forgot where I found it, so I apologize for not giving credit to the site.
http://forensicmethods.com/ My article on geo-location artifacts was chosen as the cover story in Digital Forensics Magazine for this quarter (Issue 9, November 2011). It has been some time since I have written anything for published media, and the process was intriguing. It definitely gives me new respect for journalists who pound out print articles two at a time. Geo-location forensics has been a focus of my research for a while, and I am fascinated with how much information our devices record about our activities and how little we collectively seem to care. You can record my browsing habits all day long, but once you start tracking my physical location, it feels so much more like spying. Hence the title, Big Brother Forensics.

Forensic Methods | Computer Forensic Investigations

Open Security Research

By Chris Stark. There are numerous resources on the Internet that detail secure configurations for Oracle; CISecurity, NIST, SANS, and Oracle just to name a few. Despite this, however, Foundstone continues to encounter vulnerable Oracle databases in our internal and external penetration tests. More often than not, we consultants are able to leverage the vulnerable Oracle databases to compromise additional hosts. A single vulnerability in an Oracle database can eventually be escalated to privileged credentials in Active Directory or LDAP. Why do we continue to encounter Oracle servers with misconfigurations and other vulnerabilities that can easily be avoided by just a little effort by DBAs? http://blog.opensecurityresearch.com/

Windows Incident Response

I don't often read the Security Ripcord blog, but when I do, it's because there's something interesting there to read. See what I did there? That opening line was just a sneaky way to work a graphic into this post. http://windowsir.blogspot.com/

Main Page - Forensics Wiki

2012-feb-25: We continue to have problems with our hosting provider and are in the process of identifying a new one. Thank you for your patience. http://www.forensicswiki.org/wiki/Main_Page
http://syngress.com/information-security-and-system-administrators/

Information Security and System Administrators

Information Security is rapidly growing and has become a major part of any company’s technology environment. Syngress has been paving the way for professionals in the field to keep current in the industry with books and products geared towards all aspects of Information Security. Whether it’s securing a network, systems compliance, managing risk, or securing the cloud and virtualized environments, Syngress has a reference for you.