Jesse Kornblum just released the first publicly available version of his new program SSdeep. SSdeep detects similarities between files based on hash values.
As previously noted, a binary reconstructed from a memory dump may not match with the original file on disk. This raises the question how hash creation and file authentication procedures must be changed in order to provide this functionality.
I recently reported the availability of a new version of MANDIANT First Response. The program looked interesting to me, so I promised to take a closer look. Now, here are the results.
In a press release AccessData announces that version 2.0 of its Forensic Tool Kit (FTK) will be based on an Oracle database.
NIST has released six hardware write block test reports.