Jesse Kornblum just released the first publicly available version of his new program SSdeep. SSdeep detects similarities between files based on hash values.
Continue reading SSdeep Version 1.1.
August 2006 Archives
I have posted a collection of PTfinders for Windows 2000, Windows XP (should be good for XP SP1 too), Windows XP SP2 and Windows Server 2003. I wish to thank reader "Frank" for his support. Please report bugs to bugs-ptfinder [at] forensikblog.de.
Continue reading PTfinder Collection posted.
As previously noted, a binary reconstructed from a memory dump may not match with the original file on disk. This raises the question how hash creation and file authentication procedures must be changed in order to provide this functionality.
Continue reading Authenticating a Reconstructed Binary.
The First Annual Workshop on Digital Forensics and Incident Analysis (WDFIA) has been announced for 13th December 2006 at the Faculty of Advanced Technology, University of Glamorgan, UK. The workshop will be hosted at the 2nd European Conference on Computer Network Defence.
Continue reading WDFIA 2006.
Since June 2006 Marwan Al-Zarouni and Salvatore Fiorillo blog about mobile phone forensics, computer security and information security. You might want to check out their site at http://www.mysecured.com/.
In a white paper AAron Walters describes how the Forensic Analysis ToolKits (FATKit) can be used to detect the injection of malicious code.
Continue reading Detecting a Library Injection with FATKit.
