eyeonforensics.blogspot.com
An Eye on Forensics: March 2011
http://eyeonforensics.blogspot.com/2011_03_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Saturday, March 26, 2011. I read Harlan Carvey's "Windows Registry Forensics" on a flight to Florida last week so I thought I'd write up a little review. If you haven't already read "Windows Forensic Analysis" I highly recommend you do so. The book is laid out in 4 chapters: Analysis, Tools, Case Studies: System and Case Studies: User tracking. The Analysis chapter covers the binary structure of the registry as well as its main...
eyeonforensics.blogspot.com
An Eye on Forensics: October 2011
http://eyeonforensics.blogspot.com/2011_10_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Saturday, October 15, 2011. MAC(b) Daddy at SecTor. I'm proud to announce that I was invited to deliver "I'm your MAC(b) Daddy" at SecTor 2011 as well as take part in a full day of training for the Royal Canadian Mounted Police. If you haven't heard about SecTor, read here. It's Canada's largest security conference and is described as "The Canadian DEFCON". Hope to see you there!
eyeonforensics.blogspot.com
An Eye on Forensics: August 2011
http://eyeonforensics.blogspot.com/2011_08_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Tuesday, August 16, 2011. I'm your MAC(b) Daddy at DEFCON 19. For a little background on Timestomping and why attackers are doing it, see Chris's post "Timestomping is for Suckers". I presented a talk on Supertimelines and identifying anti-forensics at DEFCON this year. Aside from some minor issues trying to pull off a live demo, the talk went pretty well. Keep them coming, I’m more than happy to help out where I can. Well, sort ...
eyeonforensics.blogspot.com
An Eye on Forensics: February 2013
http://eyeonforensics.blogspot.com/2013_02_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Tuesday, February 5, 2013. The End Game: Part 1. Last week I posted about some of the reconnaissance tools that attackers are using against E-Commerce sites, then about what some of the evidence looks like in the logs. Now I want to go over what they are doing with their ill-gotten access. All of this data capture and sale really is the End Game. It's how they get there that I want to talk about. Let's start wit...
eyeonforensics.blogspot.com
An Eye on Forensics: September 2010
http://eyeonforensics.blogspot.com/2010_09_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Thursday, September 9, 2010. A little more love for DEFCON 18. DEFCON featured a number of talks about the Zeus trojan and for good reason. I think it's the most sophisticated mass-use malware ever written. It can keylog, hoard your credit card numbers and even join you to a global botnet. Fun stuff huh? Its current known variants are. So why do we care as forensic analysts? There are a couple pieces here: 2 Most commercial ant...
eyeonforensics.blogspot.com
An Eye on Forensics: New Year, New Look, New Post: How did they find me? Part 2.
http://eyeonforensics.blogspot.com/2013/02/new-year-new-look-new-post-how-did-they.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Saturday, February 2, 2013. New Year, New Look, New Post: How did they find me? Last post we went through some of the free utilities available to attackers for reconnaissance purposes. The utilities I talked about in that post are all things that I have seen used over and over again in successful attacks. What I did not touch on was what these attacks look like in Apache and IIS log-files. grep -i "keyword" -r *. If you find the ...
eyeonforensics.blogspot.com
An Eye on Forensics: I'm your MAC(b) Daddy at DEFCON 19
http://eyeonforensics.blogspot.com/2011/08/im-your-macb-daddy-at-defcon-19.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Tuesday, August 16, 2011. I'm your MAC(b) Daddy at DEFCON 19. For a little background on Timestomping and why attackers are doing it, see Chris's post "Timestomping is for Suckers". I presented a talk on Supertimelines and identifying anti-forensics at DEFCON this year. Aside from some minor issues trying to pull off a live demo, the talk went pretty well. Keep them coming, I’m more than happy to help out where I can. Well, sort ...
eyeonforensics.blogspot.com
An Eye on Forensics: May 2012
http://eyeonforensics.blogspot.com/2012_05_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Friday, May 25, 2012. How did they find me? I wanted to learn more about E-commerce and the type of breaches that take place so I volunteered to take the bulk of the E-comm cases for my team. Over the last 18 months I went from zero to go-to guy and I learned a lot. Now it's time to share. From what I've seen, there are 3 main phases to a successful website breach:
eyeonforensics.blogspot.com
An Eye on Forensics: How did they find me?
http://eyeonforensics.blogspot.com/2012/05/how-did-they-find-me.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Friday, May 25, 2012. How did they find me? I wanted to learn more about E-commerce and the type of breaches that take place so I volunteered to take the bulk of the E-comm cases for my team. Over the last 18 months I went from zero to "go-to guy" and I learned a lot. Now it's time to share. From what I've seen, there are 3 main phases to a successful website breach: Catalog/advanced search result.php? Keywords=cat /etc/passwd&o...
eyeonforensics.blogspot.com
An Eye on Forensics: July 2010
http://eyeonforensics.blogspot.com/2010_07_01_archive.html
An Eye on Forensics. The continuing journey as a Computer Forensic Analyst. Sunday, July 18, 2010. I haven't posted in a while so I asked my 6 year old boy what he thought I should write about. Neither do entry-level jobs for forensic analysts without a bachelor's degree. I may have more luck looking for a forensics job if I ever decide to leave Montana. That's not a decision I ever want to have to make. Simply put, this place rocks! So what's a guy do to try to make himself more marketable? I got lots o...