« July 2006 | Main | September 2006 »

Lab

ssdeep Version 1.1

Jesse Kornblum has released the first public version of his new program ssdeep. ssdeep computes context-triggered piecewise hashes ("fuzzy hashes") and uses them to measure how similar two files are: files that differ in only a few bytes still score as related, whereas a conventional cryptographic hash changes completely when a single byte is altered.


Memory analysis

PTfinder Collection posted

I have posted a collection of PTfinder versions for Windows 2000, Windows XP (which should also work on XP SP1), Windows XP SP2 and Windows Server 2003. Thanks to reader "Frank" for his support. Please report bugs to bugs-ptfinder [at] forensikblog.de.


Memory analysis

Authenticating a Reconstructed Binary

As noted earlier, a binary reconstructed from a memory dump will usually not match the original file on disk: the loader has applied relocations, filled in import addresses and laid the sections out at their memory alignment, and the process may have written to its data sections since. A conventional cryptographic hash of the reconstructed image therefore differs from the hash of the file on disk. This raises the question of how hash creation and file authentication procedures have to be adapted before a reconstructed binary can be authenticated at all.

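The following Python program is an added illustration for the two posts above (it is neither ssdeep's code nor this blog's): it implements a simplified form of the context-triggered piecewise hashing that ssdeep uses and applies it to the reconstructed-binary problem. The rolling hash, the FNV step, the 7-byte window and the block-size selection follow the published spamsum/ssdeep design; the similarity score (plain edit distance scaled to 0..100, with a required common 7-character run) is a simplification of ssdeep's scoring. The "on-disk" image is 4096 bytes of seeded pseudo-random data constructed for the example, and the "in-memory" copy is the same data with four 4-byte fields overwritten with a made-up resolved address (0x00401000) to stand in for what a loader does to an import table; both are assumptions of this example, not real files.

```python
import hashlib
import random

# Simplified context-triggered piecewise hashing (CTPH) in the style of
# spamsum/ssdeep. Added example, not ssdeep's own code. The rolling hash,
# the FNV step and the 7-byte window follow the published design; the
# similarity score is a simplification of ssdeep's scoring.
WINDOW = 7                  # rolling-hash window (bytes)
MIN_BLOCK = 3               # smallest block size tried
SPAMSUM_LEN = 64            # maximum signature length
HASH_INIT = 0x28021967      # FNV offset used by spamsum
HASH_PRIME = 0x01000193     # FNV prime
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

class RollingHash:
    """Hash of the last WINDOW bytes that can be advanced one byte at a time."""
    def __init__(self):
        self.window = [0] * WINDOW
        self.h1 = self.h2 = self.h3 = 0
        self.n = 0

    def update(self, c):
        self.h2 = self.h2 - self.h1 + WINDOW * c
        self.h1 = self.h1 + c - self.window[self.n % WINDOW]
        self.window[self.n % WINDOW] = c
        self.n += 1
        self.h3 = ((self.h3 << 5) ^ c) & 0xFFFFFFFF
        return (self.h1 + self.h2 + self.h3) & 0xFFFFFFFF

def choose_block_size(length):
    """Double the block size until the signature fits in SPAMSUM_LEN characters."""
    bs = MIN_BLOCK
    while bs * SPAMSUM_LEN < length:
        bs *= 2
    return bs

def piecewise_hash(data, block_size):
    """One base64 character per chunk; a chunk ends where the rolling hash hits a trigger."""
    rh = RollingHash()
    h = HASH_INIT
    sig = []
    for c in data:
        r = rh.update(c)
        h = ((h * HASH_PRIME) ^ c) & 0xFFFFFFFF       # FNV-1 over the current chunk
        if r % block_size == block_size - 1:           # context-triggered boundary
            sig.append(B64[h & 63])
            h = HASH_INIT
            if len(sig) >= SPAMSUM_LEN - 1:
                break
    sig.append(B64[h & 63])                            # trailing partial chunk
    return "".join(sig)

def fuzzy_hash(data):
    """ssdeep-style signature: blocksize:sig@blocksize:sig@2*blocksize."""
    bs = choose_block_size(len(data))
    return f"{bs}:{piecewise_hash(data, bs)}:{piecewise_hash(data, 2 * bs)}"

def levenshtein(a, b):
    """Plain edit distance between two signatures."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score(s1, s2):
    """0..100; as in ssdeep, unrelated unless the signatures share a 7-character run."""
    grams = {s1[i:i + 7] for i in range(len(s1) - 6)}
    if not any(s2[i:i + 7] in grams for i in range(len(s2) - 6)):
        return 0
    return max(0, 100 - 100 * levenshtein(s1, s2) // max(len(s1), len(s2)))

def compare(h1, h2):
    """Compare two fuzzy hashes; only equal or adjacent block sizes are comparable."""
    bs1, a1, a2 = h1.split(":")
    bs2, b1, b2 = h2.split(":")
    bs1, bs2 = int(bs1), int(bs2)
    if bs1 == bs2:
        return max(score(a1, b1), score(a2, b2))
    if bs1 == 2 * bs2:
        return score(a1, b2)
    if bs2 == 2 * bs1:
        return score(a2, b1)
    return 0

def demo():
    """Constructed data: an 'on-disk' image and a copy patched the way a loader would."""
    rng = random.Random(1)
    on_disk = bytes(rng.getrandbits(8) for _ in range(4096))   # constructed stand-in for a PE image
    in_memory = bytearray(on_disk)
    for off in range(100, 4096, 1100):          # four 4-byte fields, e.g. resolved import addresses
        in_memory[off:off + 4] = b"\x00\x10\x40\x00"   # made-up address 0x00401000 (assumption)
    in_memory = bytes(in_memory)
    unrelated = bytes(rng.getrandbits(8) for _ in range(4096))   # constructed, unrelated file
    return {
        "sha256_equal": hashlib.sha256(on_disk).digest() == hashlib.sha256(in_memory).digest(),
        "fuzzy_disk_vs_memory": compare(fuzzy_hash(on_disk), fuzzy_hash(in_memory)),
        "fuzzy_disk_vs_unrelated": compare(fuzzy_hash(on_disk), fuzzy_hash(unrelated)),
        "fuzzy_self": compare(fuzzy_hash(on_disk), fuzzy_hash(on_disk)),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the demo shows the point of both posts at once: the SHA-256 of the patched copy no longer equals that of the original, so a hash-set lookup would miss it, while the fuzzy hashes still compare well above 50 and an unrelated file of the same size scores 0. The caveat a practitioner should keep in mind is that a high ssdeep score is evidence of similarity, not proof of identity; for authentication it has to be combined with an understanding of which bytes the loader is expected to change.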

Side notes

WDFIA 2006

The First Annual Workshop on Digital Forensics and Incident Analysis (WDFIA 2006) has been announced for 13 December 2006 at the Faculty of Advanced Technology, University of Glamorgan, UK. The workshop will be held alongside the 2nd European Conference on Computer Network Defence.


Side notes

New Blog about Mobile Phone Forensics and more

Since June 2006, Marwan Al-Zarouni and Salvatore Fiorillo have been blogging about mobile phone forensics, computer security and information security. Their site is at http://www.mysecured.com/.

Memory analysis

Detecting a Library Injection with FATKit

In a white paper, AAron Walters describes how the Forensic Analysis ToolKit (FATKit) can be used to detect the injection of a malicious library into a running process by examining the process's memory.
