October 2007 Archives
In an earlier post I described the structure of quantization tables in a JPEG file. Closer inspection reveals that there are two different ways to store the information.
Continue reading Arrangement of JPEG Quantization Tables.
The Digital Forensics Research Workshop 2008 (DFRWS) will be held in Baltimore, MD, US from August 11 to 13, 2008. The Call for Papers has been published; the deadline is March 17, 2008.
03/14/2008: The submission deadline was extended to March 24, 2008.
Jesse Kornblum has released version 2.0 of his popular file-hashing application md5deep. The tool now supports Unicode characters in file names when run on the Microsoft Windows platform. From now on md5deep also processes hash values from hash sets in EnCase format (.hash). Please see the changelog for details and further bug fixes.
BinHash by Chris Rohls calculates the usual hash sums like MD5 and SHA-1 on program files that are in either ELF (Unix) or PE (Microsoft Windows) format. Unlike similar tools, it calculates and displays the hashes not for the whole file, but for every single section. The author uses this technique to compare variants of malware. Some time ago I proposed the same technique for memory analysis purposes.
Continue reading Hashing of Program Files.
In an earlier post I described how a hex editor can be used to enumerate the members of a group from the security manager's database. At a reader's request, I am now releasing the complete template for the 010 Editor.
Continue reading Templates for Groups.
