Digital Forensics

  • Most Topular Stories

  • Taking Down Fraud Sites is Whac-a-Mole

    Forensic Focus
    20 Apr 2015 | 9:37 am
    I’ve been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there’s one question that nearly always comes from the audience: “Why are these fraud Web sites allowed to operate, and not simply taken down?” This post is intended to serve as the go-to spot for answering that question. Q: Why not take down the hundreds of sites now selling stolen credit cards and identity data? For starters, it’s not always so easy to take these sites offline. Many of them rely on domain name registrars that routinely ignore abuse requests. The same…
  • EnCase v7 EnScript to carve RecentFileCache.bcf data from selected file(s)

    Computer Forensics, Malware Analysis & Digital Investigations
    1 Apr 2015 | 5:57 pm
    The following EnScript can be used to quickly search for and parse RecentFileCache data from memory images, unallocated space or the allocated RecentFileCache.bcf file. To use, simply blue check whatever file(s) you want to process, then run the EnScript. Output is to the console and bookmarks:
    c:\windows\system32\lsass.exe
    c:\windows\system32\lsm.exe
    c:\windows\system32\oobe\windeploy.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\winsat.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\mcbuilder.exe
    c:\windows\system32\winhost.exe…
  • "Identifying and Disrupting Crypto-Ransomware (and Destructive Malware)"

    SANS Digital Forensics and Incident Response Blog
    Adam Kramer
    2 Apr 2015 | 8:30 pm
    In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker, CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious family photos or an academic thesis being wiped by pure greed, it can become rather emotive. This is nasty stuff, and we need to do something about it! I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the
  • Micro- & Mini-Timelines

    Windows Incident Response
    Harlan Carvey
    19 Apr 2015 | 6:27 am
    I don't always create a timeline of system activity...but sometimes when I do, I don't have all of the data from within the system image available.  Many times, I will create a mini-timeline because all I have available is either limited data sources, or even just a single data source.  I've been sent Event Logs (.evt files) or a couple of Windows Event Logs (.evtx files), and asked to answer specific questions, given some piece of information, such as an indicator or a time frame.  I've had other analysts send me Registry hive files and ask me to determine activity within a…
  • Example of Chinese Military Converging on US Military

    TaoSecurity
    Richard Bejtlich
    13 Apr 2015 | 2:33 pm
    We often hear of vulnerabilities in the US military introduced by net-centric warfare and a reliance on communications network. As the Chinese military modernizes, it will introduce similar vulnerabilities. I found another example of this phenomenon courtesy of Chinascope: PLA Used its Online Purchasing Website for its First Online Purchase. Written by LKY and AEF. Xinhua reported that on, April 7, the PLA announced that five manufacturers won the bidding, totaling 90 million yuan (US$14.48 million), to supply general and maintenance equipment to the PLA. The article said that these…

    SANS Digital Forensics and Incident Response Blog

  • "Identifying and Disrupting Crypto-Ransomware (and Destructive Malware)"

    Adam Kramer
    2 Apr 2015 | 8:30 pm
    In recent years, malware has become very personal. Crypto-ransomware threats, including CryptoLocker, CryptoWall and TorrentLocker (pdf), have infected home users, businesses and even police departments, all of whom have had their personal data and hard work held hostage. When we think of precious family photos or an academic thesis being wiped by pure greed, it can become rather emotive. This is nasty stuff, and we need to do something about it! I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the
  • "Monitoring for Delegation Token Theft"

    Mike Pilkington
    30 Mar 2015 | 3:22 am
    Delegation is a powerful feature of Windows authentication which allows one remote system to effectively forward a user's credentials to another remote system. This is sometimes referred to as the "double-hop". This great power does not come without great risk however, as the delegation access tokens used for this purpose can be stolen by attackers and used for lateral movement. As such, it's important to be aware of this ability and to increase monitoring for malicious use of delegation. In order to monitor delegation activity, you need to identify where delegation is occurring.
  • "Detecting DLL Hijacking on Windows"

    Adam Kramer
    25 Mar 2015 | 3:47 am
    Initially identified fifteen years ago, and clearly articulated by a Microsoft Security Advisory, DLL hijacking is the practice of having a vulnerable application load a malicious library (allowing for the execution of arbitrary code), rather than the legitimate library by placing it at a preferential location as dictated by the Dynamic-Link Library Search Order which is a pre-defined standard on how Microsoft Windows searches for a DLL when the path has not been specified by the developer. Despite published advice on secure development practices to mitigate this threat, being available for…
  • "How Miscreants Hide From Browser Forensics"

    Lenny Zeltser
    23 Mar 2015 | 10:26 pm
    Scammers, intruders and other miscreants often aim to conceal their actions from forensic investigators. When analyzing an IT support scam, I interacted with the person posing as the help desk technician. He brought up a web page on the victim's system to present payment form, so the person would supply contact and credit card details. He did this in a surprising manner, designed to conceal the destination URL.
  • "Just-In-Time VirusTotal Hash Checking"

    Adam Kramer
    18 Mar 2015 | 9:45 pm
    Hardly a day goes by without me hearing the phrase 'Threat Intelligence' being used in the context of big budget enterprise protection, but recently I have been giving some thought to what this means to the home user and small business. Most computers have (or at least, should have!) up-to-date antivirus software installed which provides a certain degree of protection and gives insight on whether a particular file, or set of circumstances, are suspicious according to vendor X (using signatures, reputation lookup and several other methods), but I'm sure there is more that the open source cyber…
 

    Windows Incident Response

  • Micro- & Mini-Timelines

    Harlan Carvey
    19 Apr 2015 | 6:27 am
    I don't always create a timeline of system activity...but sometimes when I do, I don't have all of the data from within the system image available.  Many times, I will create a mini-timeline because all I have available is either limited data sources, or even just a single data source.  I've been sent Event Logs (.evt files) or a couple of Windows Event Logs (.evtx files), and asked to answer specific questions, given some piece of information, such as an indicator or a time frame.  I've had other analysts send me Registry hive files and ask me to determine activity within a…
  • Talk Notes

    Harlan Carvey
    10 Apr 2015 | 7:58 am
    Thanks to Corey Harrell, I was watching the Intro to Large Scale Detection Hunting presentation from the NoLaSec meeting in Dec, 2014, and I started to have some thoughts about what was being said.  I looked at the comments field on YouTube, as well as on David's blog, but thought I would put my comments here instead, as it would give me an opportunity to structure them and build them out a bit before hitting the "send" button. First off, let me say that I thought the talk was really good.  I get that it was an intro talk, and that it wasn't going to cover anything in any…
  • Blogging

    Harlan Carvey
    6 Apr 2015 | 7:21 am
    I caught an interesting thread on Twitter last week..."interesting" in the sense that it revisited one of the questions I see (or hear) quite a bit in DFIR circles; that is, how does one get started in the DFIR community?  The salient points of this thread covered blogging (writing, in general) and interacting within the community.  Blogging is a great way for anyone, regardless of how long you've been "doing" DFIR, to engage and interact with the community at large. Writing: Writing isn't easy.  I get it.  I'm as much a nerd as anyone reading this blog, and I feel the same…
  • Perspectives on Threat Intel

    Harlan Carvey
    15 Mar 2015 | 6:25 am
    Source: detect-respond.blogspot.com. A while back, I tweeted, saying that "threat intel has it's own order of volatility".  That tweet got one RT and 2 favorites, and at the time, not much of a response beyond that.  Along the way, someone did disagree with me on that, stating that rather than an "order of volatility", threat intel instead has a "shelf life". Thinking about it, I can see where both are true. To begin with, let's consider this "order of volatility"...what am I referring to?  Essentially, what I'm talking about was detailed in 2002, in RFC 3227, Guidelines for…
  • Links

    Harlan Carvey
    10 Mar 2015 | 5:53 pm
    Revisiting Macros: Kahu Security posted this recent blog article that was pretty interesting.  I thought that the trick that was used was pretty interesting, and yes, "sneaky"...but part of me was wondering what this sort of thing would "look like" within a system image.  What I mean is, if you're tasked with looking at an image of a system that may have been infected via this sort of trick, what would you look for? The first thing that jumps out at me is the warning displayed in Word, in the second figure in the post.  Once the user clicks on the "Enable Content"…

    TaoSecurity

  • Example of Chinese Military Converging on US Military

    Richard Bejtlich
    13 Apr 2015 | 2:33 pm
    We often hear of vulnerabilities in the US military introduced by net-centric warfare and a reliance on communications network. As the Chinese military modernizes, it will introduce similar vulnerabilities. I found another example of this phenomenon courtesy of Chinascope: PLA Used its Online Purchasing Website for its First Online Purchase. Written by LKY and AEF. Xinhua reported that on, April 7, the PLA announced that five manufacturers won the bidding, totaling 90 million yuan (US$14.48 million), to supply general and maintenance equipment to the PLA. The article said that these…
  • Network Security Monitoring Remains Relevant

    Richard Bejtlich
    13 Apr 2015 | 12:25 pm
    Cylance blogged today about a Redirect to SMB problem found in many Windows applications. Unfortunately, it facilitates credential theft. Steve Ragan wrote a good story discussing the problem. Note this issue does not rely on malware, at least not directly. It's a problem with Microsoft's Server Message Block protocol, with deep historical roots. (Mitigating Service Account Credential Theft on Windows [pdf] is a good paper on mitigation techniques for a variety of SMB problems.) Rather than discussing the technical problem, I wanted to make a different point. After reading about this…
  • Please Support OpenNSM Group

    Richard Bejtlich
    12 Apr 2015 | 8:25 am
    Do you believe in finding and removing intruders on the network before they cause damage? Do you want to support like-minded people? If you answered "yes," I'd like to tell you about a group that shares your views and needs your help. In August 2014, Jon Schipp started the Open (-Source) Network Security Monitoring Group (OpenNSM). Jon is a security engineer at the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign. In his announcement on the project's mailing list, Jon wrote: The idea for this group came from a suggestion in Richard Bejtlich's…
  • The Attack on GitHub Must Stop

    Richard Bejtlich
    27 Mar 2015 | 4:40 pm
    For many years, private organizations in the West have endured attacks by the Chinese government, its proxies, and other parties. These intruders infiltrated private organizations to steal data. Those not associated with the targeted organizations were generally not directly affected. Today an action by the Chinese government is affecting millions of users around the world. This is unacceptable. You may be aware that an American technology company, GitHub, is suffering a massive distributed denial of service attack, at the time of writing. According to Insight Labs, Internet traffic within China…
  • Can Interrogators Teach Digital Security Pros?

    Richard Bejtlich
    24 Mar 2015 | 1:38 pm
    Recently Bloomberg published an article titled The Dark Science of Interrogation. I was fascinated by this article because I graduated from the SERE program at the US Air Force Academy in the summer of 1991, after my freshman year there. SERE teaches how to resist the interrogation methods used against prisoners of war. When I attended the school, the content was based on techniques used by Korea and Vietnam against American POWs in the 1950s-1970s. As I read the article, I realized the subject matter reminded me of another aspect of my professional life. In intelligence, as in the most mundane…
 

    digital forensics - Google News

  • FBI Director visits Champlain College - BurlingtonFreePress.com

    25 Apr 2015 | 3:49 am
    The president noted Leahy helped secure a $650,000 grant in 2006 to staff the digital forensics program at Champlain College and to conduct digital investigations with Vermont law enforcement. Four years later Champlain received a three-year $500,000 ...
  • Students learn important secrets behind cyber forensics - Indianapolis Business Journal

    22 Apr 2015 | 9:56 pm
    About 60 current Ball State students are digital forensics minors, according to criminal justice and criminology department chairman Greg Morrison. Required courses include criminology, policing, criminal evidence, criminal law, computer science and more
  • Students explore digital forensics at MU - Huntington Herald Dispatch

    21 Apr 2015 | 8:36 pm
    HUNTINGTON — West Virginia high school students and forensic professionals were brought together by the Marshall University Forensic Science Center on Tuesday during the second day of the sixth annual Appalachian Institute of Digital Evidence ...
  • BSU students learn cyber forensics - Muncie Star Press

    13 Apr 2015 | 3:30 pm
    About 60 current Ball State students are digital forensics minors, according to criminal justice and criminology department chairperson Greg Morrison. Required courses include criminology, policing, criminal evidence, criminal law, computer science, ...
  • Digital Forensics Market to Reach $4.7B in 2020 - I-Connect007

    9 Apr 2015 | 7:56 am
    Sony Corp. was coerced to bring in specialist forensics firms Data Forte, Guidance Software, and Protiviti to help investigate the data breaches that compromised user account information of more than 100 million of its customers. This indicates that

    Checkmate

  • Server Side Request Forgery (SSRF)

    Nilesh Sapariya
    15 Apr 2015 | 4:33 am
    Introduction: Is your server protected against port scanning?  The general answer will be “Yes, I have a firewall which restricts access to internal servers from the Internet.” What if I tell you I can still scan the ports on your server and your firewall wouldn’t know about it! If the web application running on a…
  • PCI DSS Penetration Testing Guidance

    Wasim Halani
    10 Apr 2015 | 5:40 am
    The Payment Card Industry Security Standards Council recently released their updated Information Supplement: Penetration Testing Guidance. The guidance document was last published in 2008 under the heading ‘Requirement 11.3 Penetration Testing’. The updated document marks a major difference in the approach taken by the PCI Council to clarify and educate stakeholders about the standard’s requirements…
  • Anatomy of a Credit Card Stealing POS Malware

    Monika Kachroo
    2 Mar 2015 | 10:13 pm
    INTRODUCTION: Point-of-sale (POS) is the place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or services. Majority of retail POS systems also include a debit/credit card reader. POINT-OF-SALE INTRUSIONS: What is it? When attackers compromise the computers and servers…
  • Cuckoo Sandbox 102: State-of-the-art Malware Analysis

    Sumit Shrivastava
    2 Mar 2015 | 12:55 am
    Introduction: Cuckoo Sandbox is an Open Source Automated Malware Analysis system that has been gaining more and more attention in recent years. The fact that Cuckoo is fully open source makes it a very interesting system for those that want to modify its internals, experiment with automated malware analysis, and setup scalable and cheap malware…
  • Asus RT-N10 Plus Cross Site Scripting CVE-2015-1437

    Kaustubh Padwad
    16 Feb 2015 | 3:00 am
    Overview: ASUS Router RT-N10 Plus is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the result_of_get_changed_status.asp script. A remote authenticated attacker could exploit this vulnerability using the flag parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once…
 

    Forensic Focus

  • Webinar: Policing the digital crimes of today

    24 Apr 2015 | 4:59 am
    Date/Time: Tuesday 5th May, 4pm BST/11am EDT Speakers: Paul Slater, Director of Forensic Solutions EMEA at Nuix and Troy Bettencourt, Sales Engineer NA at Nuix Investigators who are working with legacy digital forensic tools and faced with shrinking budgets often find it hard to see how they can keep up. Join this webinar to find out how you can work smarter, not harder, during a forensic investigation. Learn how to simplify, streamline and automate your workflows, analytics and review processes to help you deal with growing volumes of digital evidence and shrinking budgets. We'll show you…
  • Forensic Focus Forum Round-Up

    24 Apr 2015 | 1:51 am
    Welcome to this round-up of recent posts to the Forensic Focus forums. How would you acquire data from a password protected MS Surface Pro? Forum members discuss malware risk mitigation on forensic workstations. How can a split E01 image of a Windows 7 Enterprise SP1 physical disk protected by BitLocker be mounted? Forum members come up with a solution. Minime2k9 asks how to find evidence of remote desktop login outside of the Windows Security log. Should you keep a chain of custody for forensic investigations in corporate environments? Add your thoughts on the forum. Forum members discuss a…
  • Interview with Bruno Kerouanton, CISO of the Republic and Canton of Jura

    23 Apr 2015 | 3:28 am
    Bruno, you're CISO of the Republic and Canton of Jura in Switzerland. Could you tell us a bit about your job and what a typical day involves? Sure. As Chief Security Officer for cybersecurity I'm involved in ensuring security of the state. That means we have mostly 400 locations for different applications, for example schools, healthcare industry, roads, taxes, police and so on. So the perimeter I have to secure is quite broad. The problem we have is that I have to check all the risks involving this perimeter and also understand the needs of the business, because every business has different…
  • Head replacement tools for "landing zone" HDDs

    22 Apr 2015 | 9:27 am
    Very important part of HDD functioning is a principle of heads parking while device is turned off. During the decades of HDD development, numerous improvements in this area were seen. These changes positively affected data security, capacity, product lifetime and decreased device dimensions. When hard drive is turned off, its sensitive heads must be parked at a "safe place". This safe area, must be designed in such way, that read/write heads can't be damaged and that valuable data is not threatened in any way.
  • Taking Down Fraud Sites is Whac-a-Mole

    20 Apr 2015 | 9:37 am
    I’ve been doing quite a bit of public speaking lately — usually about cybercrime and underground activity — and there’s one question that nearly always comes from the audience: “Why are these fraud Web sites allowed to operate, and not simply taken down?” This post is intended to serve as the go-to spot for answering that question. Q: Why not take down the hundreds of sites now selling stolen credit cards and identity data? For starters, it’s not always so easy to take these sites offline. Many of them rely on domain name registrars that routinely ignore abuse requests. The same…

    (ISC)2 Blog

  • (ISC)² Study: Workforce Shortfall Due to Hiring Difficulties Despite Rising Salaries, Increased Budgets and High Job Satisfaction Rate

    (ISC)² Management
    17 Apr 2015 | 6:52 am
    How can there be a workforce shortage in information security if global professionals are reporting rising salaries, increased budgets, high job satisfaction rates and low changes in employment status? The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS) conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies reveal that the security of businesses is being threatened by reports of understaffed teams dealing with the complexity of multiple security technologies and…
  • (ISC)² Directors, Executives and Advisory Council Members Speaking at the RSA 2015 Conference

    (ISC)² Management
    15 Apr 2015 | 2:05 pm
    Don't miss the speaking sessions at next week's RSA Conference by members of the (ISC)² Board of Directors, Executive and Management Teams, (ISC)² Foundation, the (ISC)² Application Security Advisory Council and North America Advisory Council. Follow the discussions around some of these sessions on Twitter @ISC2 and #RSAC and Facebook /isc2fb. Also, don't forget to stop by our booth - #108 & 109. Monday, April 20. Session Title: Status of the Industry: 2015 Global Information Security Workforce Study 9:00 a.m.-9:50 a.m./West/Room 3022 Status of the Industry: 2015 Global…
  • (ISC)² Global Academic Program Fills the Gap Between Schools and the Cybersecurity Skills Crisis

    (ISC)² Management
    8 Apr 2015 | 9:07 am
    There is a well-documented, widely recognized shortage of information security professionals. From our own most recent Global Information Security Workforce Study[i], 56% of 12,000 respondents from around the globe believe there is a workforce shortage. In November of last year, a special Parliamentary Select Committee in the United Kingdom’s House of Lords reported that we’re facing a global shortage of “no less than two million cybersecurity professionals”2 by the year 2017. And in 2013, a U.S. Government Accountability Office (GAO) report stated that the vacancy rate of the…
  • IT Security essentials for small and medium enterprises

    Sorin Mustaca
    22 Mar 2015 | 2:45 pm
    Since I first published the free eBook "Improve your security" dedicated to end users, I've been asked many times to give advice for small and medium enterprises. At first, I thought that this is a very different topic than what I wrote before. However, after some thinking, I realized, that difference between the behavior of end-users at home and in the office of a small to medium companies, doesn't differ that much. After all, it is no secret that the cyber criminals are where the money is. If the targets are easy to breach, it is even better since this…
  • Comments from (ISC)² Leadership on Premera Blue Cross Breach

    (ISC)² Management
    18 Mar 2015 | 7:17 am
    Those of us within the information security industry have known for some time that the healthcare industry was going to be a prime target for these types of attacks. Unfortunately, we’re likely to continue to see more of these breaches as the healthcare industry scrambles to improve its information security posture. I think we’re all concerned about the broad implications of these breaches regarding potential fraud, identity theft and the other strategies criminals use to monetize healthcare information. -David Shearer, CISSP, PMP, Executive Director, (ISC)² As the hacking assault on…

    Computer Forensics, Malware Analysis & Digital Investigations

  • EnCase v7 EnScript to carve RecentFileCache.bcf data from selected file(s)

    1 Apr 2015 | 5:57 pm
    The following EnScript can be used to quickly search for and parse RecentFileCache data from memory images, unallocated space or the allocated RecentFileCache.bcf file. To use, simply blue check whatever file(s) you want to process, then run the EnScript. Output is to the console and bookmarks:
    c:\windows\system32\lsass.exe
    c:\windows\system32\lsm.exe
    c:\windows\system32\oobe\windeploy.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\winsat.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\mcbuilder.exe
    c:\windows\system32\winhost.exe…
  • EnCase v7 EnScript to report on file types by extension

    1 Apr 2015 | 3:19 pm
    Several years ago I wrote a quick EnScript to produce a quick report of how many files with each extension were found in the case. That EnScript was originally written for EnCase v6 and not compiled so it could be used as a learning exercise. I recently had a request to update this EnScript for EnCase v7 and to add the byte count for each extension. The output goes to a TSV file in the case export folder and to the console:
    Extension: txt    Count: 9    Size:6787
    Extension: csv    Count: 16    Size:1357315
    Extension: dat   …
  • EnCase v7 EnScript to find files based on MD5 hash values

    18 Aug 2014 | 5:02 pm
    I had written a version of this years ago for EnCase v6 and I was recently asked to update it for EnCase v7. One EnScript listed below will generate a text file of SELECTED files. That text file can then be used on subsequent cases to help find/identify files with the same hash value. To use, you do not need to generate hash values, the EnScript will do it automatically. The second EnScript is also optimized to first match file sizes first before generating/comparing hash values to help reduce the time needed for the comparison, thus saving the need to hash everything in the…
  • EnCase v7 EnScript to quickly provide MD5/SHA1 hash values and entropy of selected files

    10 Apr 2014 | 9:22 pm
    I recently had the need to quickly triage and hash several specific files within a case, but I did not want to (or possibly could not) run the "process evidence" option to generate hash values for *all* files. EnCase v7 has the ability to generate hash values of selected files through the right-click context menu->Entries->Hash/Sig Selected files. The downside to this option is that it requires you to close the "evidence" tab and then reopen it, causing you to lose your place/highlighted file. So I wanted a way to quickly generate the MD5 & SHA1 hash so that I could…
  • EnCase EnScript to show file summary of user's profile by extension

    20 Mar 2014 | 10:33 pm
    This is another "quick hit" EnScript to generate a quick report on the types of files under a user's profile based on file extensions. The EnScript will automatically create an Excel spreadsheet, with a sheet for each user, showing the total number of files for each extension and the total number of bytes for each extension, percentage for each extension and total bytes for each summary. Folders and files with zero logical size are ignored: Download EnCase v6 EnScript Here
 

    Secure Hunter Anti-Malware » Secure Hunter Blog

  • Bioazih RAT: How clean-file metadata can help keep you safe

    shadmin
    25 Apr 2015 | 3:01 pm
    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our partners and customers quickly categorize fake Microsoft files – files that can be used…
  • Bioazih RAT: How clean-file metadata can help keep you safe

    shadmin
    25 Apr 2015 | 9:00 am
    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our partners and customers quickly categorize fake Microsoft files – files that can be used…
  • Bioazih RAT: How clean-file metadata can help keep you safe

    shadmin
    25 Apr 2015 | 2:55 am
    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our partners and customers quickly categorize fake Microsoft files – files that can be used…
  • Bioazih RAT: How clean-file metadata can help keep you safe

    shadmin
    24 Apr 2015 | 8:53 pm
    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our partners and customers quickly categorize fake Microsoft files – files that can be used…
  • Bioazih RAT: How clean-file metadata can help keep you safe

    shadmin
    24 Apr 2015 | 2:49 pm
    As mentioned in our previous blog post about the Microsoft Clean-File Metadata initiative, there are a number of benefits for our partners and customers who use our clean or released-file metadata, specifically during antimalware whitelisting efforts. Using the authoritative metadata manifest of Microsoft-released files that are found in our clean-file metadata feed can help reduce antimalware resources spent flagging known bad files by eliminating already known good files. It can also help our partners and customers quickly categorize fake Microsoft files – files that can be used…