search for: forensics

Displaying 20 results from an estimated 326 matches for "forensics".

2013 Sep 27
0
erasing an hdd - forensics of hard disk drives, dban, destroying hdd
Greetings list, I am creating a new thread because of a comment made by From: Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr> in thread "Subject: [CentOS] erase disk". From past readings about erasing an HDD, forensics of hard disk drives, DBAN, and destroying HDDs, I submit these links for those who may wish to further their knowledge on the primaries of HDD forensics: hard disk drive forensics - Ixquick Web Search https://ixquick.com/do/search?q=%22hard+disk+drive+forensics%22&lui=english About 28 results hdd fore...
2011 May 05
3
converting save/dump output into physical memory image
A lot of people in the security community, myself included, are interested in memory forensics these days. Virtualization is a natural fit with memory forensics because it allows one to get access to a guest's memory without having to introduce any extra software into the guest or otherwise interfere with it. Incident responders are particularly interested in getting memory dumps from...
2016 Mar 02
2
Libguestfs as filesystem forensic tool
Greetings, I am playing around with the idea of using libguestfs as a forensic tool to investigate VM disk images. Some use cases as example: * Sandbox for malware analysis. * Incident response in cloud environments. Libguestfs is a precious resource in this case as it allows to abstract the disk image internals and expose them as mountable devices. Combined with some state of the art
2003 Aug 03
7
Forensics CD Toolkit for FreeBSD
Hi, I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD ROM drive and run trusted commands like ps, netstat, ls, etc., from. I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too. Can anyone g...
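An added example for the toolkit-CD question above (it is not the poster's code, and the tool names, paths and ELF files in it are constructed for the demonstration). Two properties make a command on the CD "trusted" when you run it on a suspect host: the binary is the one you mastered (checked here against a SHA-256 manifest), and it does not load libc or other shared objects from the compromised system. FreeBSD and Linux binaries are ELF, and a statically linked ELF executable carries no PT_INTERP program header, so the check below parses the program headers directly rather than trusting the host's `file` or `ldd`.

```python
"""Build and verify a manifest for a CD of trusted response tools.

Added example for the "Forensics CD Toolkit for FreeBSD" thread; it is not
the poster's code.  Two checks matter for a tool you run on a suspect host:
the binary on the CD is the one you built (SHA-256 manifest), and it does
not pull libc from the compromised system (a statically linked ELF
executable has no PT_INTERP program header).  The toolkit directory and
the ELF files below are constructed stand-ins, not real binaries.
"""
import hashlib
import os
import struct
import tempfile

PT_INTERP = 3


def elf_needs_interpreter(path):
    """True if an ELF file requests a dynamic loader (PT_INTERP present),
    False if it is statically linked, None if the file is not ELF."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF":
        return None
    endian = "<" if data[5] == 1 else ">"
    if data[4] == 2:  # ELFCLASS64
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
    else:  # ELFCLASS32
        (e_phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from(endian + "I", data, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            return True
    return False


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(tooldir):
    """Relative path -> SHA-256 for every regular file under tooldir.
    Write this out (and sign it) when the CD is mastered."""
    manifest = {}
    for root, _dirs, files in os.walk(tooldir):
        for name in files:
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, tooldir)] = sha256_file(full)
    return manifest


def verify_toolkit(tooldir, manifest):
    """Return a list of problems; an empty list means every file matches the
    manifest and no ELF tool depends on the host's dynamic loader."""
    problems = []
    current = build_manifest(tooldir)
    for rel, digest in sorted(manifest.items()):
        if rel not in current:
            problems.append("missing: " + rel)
        elif current[rel] != digest:
            problems.append("modified: " + rel)
    for rel in sorted(current.keys() - manifest.keys()):
        problems.append("unexpected: " + rel)
    for rel in sorted(current.keys() & manifest.keys()):
        if elf_needs_interpreter(os.path.join(tooldir, rel)) is True:
            problems.append("dynamically linked: " + rel)
    return problems


def make_fake_elf64(dynamic):
    """Constructed minimal little-endian ELF64 header plus one program header
    (PT_INTERP when dynamic, PT_NULL otherwise).  Enough for the check above;
    not an executable."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP if dynamic else 0, 4, 0, 0, 0, 0, 0, 0)
    return ehdr + phdr


def build_sample_toolkit():
    """Constructed toolkit: a 'ps' that is static and a 'netstat' that is not."""
    tooldir = tempfile.mkdtemp(prefix="trusted-tools-")
    os.mkdir(os.path.join(tooldir, "bin"))
    with open(os.path.join(tooldir, "bin", "ps"), "wb") as f:
        f.write(make_fake_elf64(dynamic=False))
    with open(os.path.join(tooldir, "bin", "netstat"), "wb") as f:
        f.write(make_fake_elf64(dynamic=True))
    return tooldir


if __name__ == "__main__":
    tooldir = build_sample_toolkit()
    manifest = build_manifest(tooldir)
    print(verify_toolkit(tooldir, manifest))  # flags bin/netstat as dynamically linked
```

Run `verify_toolkit` from the CD itself before the first trusted command, with PATH set to the CD's bin directory alone, so that a trojaned `ls` or `ps` on the host is never picked up; keep the manifest off the host (on the CD, or signed) since a manifest the attacker can rewrite verifies nothing.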
2018 Jun 24
2
Read-only Guests for Anti-Forensics
Hello. I'm interested in running guests as read-only to turn them into a sort of virtualized "live-cd". The goal is to leave no forensic evidence on the host disk or virtual one which would lead to traces on the host still- similar to how TAILS works but with the added convenience and flexibility of running in a VM. If I set the qcow image to read-only as per the manual, will any
2016 Mar 02
0
Re: Libguestfs as filesystem forensic tool
On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: > Greetings, > > I am playing around with the idea of using libguestfs as a forensic > tool to investigate VM disk images. > > Some use cases as example: > * Sandbox for malware analysis. > * Incident response in cloud environments. > > Libguestfs is a precious resource in this case as it allows to >
2014 May 04
1
Memory Forensics of OpenSSH
Hello List, One of my project needs memory forensics of OpenSSH. Here is a brief description of the problem: I have a raw memory dump, and all of the kernel data structures (e.g., task_struct, mm_struct) have been figured out. Now, I want to retrieve the data structures (e.g., struct session_state) of an SSH process instance. Finding a session key (...
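An added example for the memory-forensics question above, not the poster's code. It assumes the session cipher is AES and that the process holds the expanded 176-byte AES-128 key schedule in memory (OpenSSL's `AES_KEY` does), and it scans a constructed in-process buffer in place of a real dump. Rather than walking `task_struct` and `mm_struct` to the session structures, it locates key material by the one property a schedule always has: the first 16 bytes, expanded per FIPS-197, reproduce the remaining 160. The function names are this example's own.

```python
"""Locate AES-128 key schedules in a raw memory image.

Added example for the OpenSSH memory-forensics thread, not the poster's own
code.  Assumptions: the SSH session cipher is AES, and the process holds the
expanded 176-byte schedule in memory (OpenSSL's AES_KEY does); the "dump"
scanned here is constructed in-process rather than read from disk.
"""
import random

# FIPS-197 S-box, 16 rows of 16 bytes.
SBOX = bytes.fromhex(
    "637c777bf26b6fc53001672bfed7ab76"
    "ca82c97dfa5947f0add4a2af9ca472c0"
    "b7fd9326363ff7cc34a5e5f171d83115"
    "04c723c31896059a071280e2eb27b275"
    "09832c1a1b6e5aa0523bd6b329e32f84"
    "53d100ed20fcb15b6acbbe394a4c58cf"
    "d0efaafb434d338545f9027f503c9fa8"
    "51a3408f929d38f5bcb6da2110fff3d2"
    "cd0c13ec5f974417c4a77e3d645d1973"
    "60814fdc222a908846eeb814de5e0bdb"
    "e0323a0a4906245cc2d3ac629195e479"
    "e7c8376d8dd54ea96c56f4ea657aae08"
    "ba78252e1ca6b4c6e8dd741f4bbd8b8a"
    "703eb5664803f60e613557b986c11d9e"
    "e1f8981169d98e949b1e87e9ce5528df"
    "8ca1890dbfe6426841992d0fb054bb16"
)
assert len(SBOX) == 256
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def _sub_rot(word, rcon):
    """SubWord(RotWord(word)) xor Rcon: the per-round step of the schedule."""
    rotated = word[1:] + word[:1]
    subbed = bytes(SBOX[b] for b in rotated)
    return bytes([subbed[0] ^ rcon]) + subbed[1:]


def expand_key_128(key):
    """FIPS-197 key expansion: 16-byte key -> 176-byte schedule (11 round keys)."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = _sub_rot(t, RCON[i // 4 - 1])
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def find_aes128_schedules(image, stride=4):
    """Yield (offset, key) for every offset whose 176 bytes form a consistent
    AES-128 schedule.  A random run passes by chance with probability about
    2**-1280, so every hit is a real expanded key; a key held only in raw
    form (no schedule next to it) is not found this way.  stride=4 suits
    allocator-aligned structures; use 1 for carved or damaged images."""
    last = len(image) - 176
    for off in range(0, last + 1, stride):
        chunk = image[off:off + 176]
        # Cheap filter first: word 4 must equal w0 xor SubRot(w3, Rcon[0]).
        w4 = bytes(a ^ b for a, b in zip(chunk[0:4], _sub_rot(chunk[12:16], RCON[0])))
        if w4 != chunk[16:20]:
            continue
        if expand_key_128(chunk[:16]) == chunk:
            yield off, chunk[:16]


def build_sample_image(key, plant_at=1024, size=4096, seed=7):
    """Constructed stand-in for a memory dump: seeded pseudo-random filler
    with one expanded schedule planted at plant_at (not real process memory)."""
    rnd = random.Random(seed)
    filler = bytearray(rnd.getrandbits(8) for _ in range(size))
    filler[plant_at:plant_at + 176] = expand_key_128(key)
    return bytes(filler)


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 A.1 test key
    image = build_sample_image(key)
    for off, k in find_aes128_schedules(image):
        print(f"AES-128 schedule at offset {off:#x}, key {k.hex()}")
```

On a real image, read the file with `mmap` and feed it to `find_aes128_schedules`; the offset of a hit is also a foothold for the structure walk the poster describes, since the enclosing cipher context and, from there, the session state sit at fixed distances from the schedule for a given OpenSSL and OpenSSH build. AES-192 and AES-256 schedules (208 and 240 bytes) are found the same way with the key size changed.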
2006 Mar 23
1
PCA, Source analysis and Unmixing, environmental forensics
I am using R for environmental forensics (determination of the sources and/or groupings in mixtures of organic chemicals in the field). The goal is to determine if there are groups of samples with similar/dissimilar compositions, and to assign samples to a potential source or a mixture of sources based on the composition (unmixing and sou...
2017 Aug 24
3
DMARC report failed?
In the same vein, I am receiving forensic DMARC reports from mx01.nausch.org. Whenever I send a message to the mailing list or when my server sends a DMARC report, I'm getting a DMARC Forensic report. It's odd, because the actual report tells me both DKIM and SPF (in the the of a DMARC report) pass... Here is what I am getting : This is an authentication failure report for an email
2016 Mar 02
2
Re: Libguestfs as filesystem forensic tool
On 02/03/16 17:53, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: >> Greetings, >> >> I am playing around with the idea of using libguestfs as a forensic >> tool to investigate VM disk images. >> >> Some use cases as example: >> * Sandbox for malware analysis. >> * Incident response in cloud environments.
2018 Jun 26
0
Re: Read-only Guests for Anti-Forensics
On Sun, Jun 24, 2018 at 23:29:13 +0000, procmem wrote: > Hello. I'm interested in running guests as read-only to turn them into a > sort of virtualized "live-cd". The goal is to leave no forensic evidence > on the host disk or virtual one which would lead to traces on the host > still- similar to how TAILS works but with the added convenience and > flexibility of
2010 Mar 19
2
hivexml - Flattened vs. Expanded XML
All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to repres...
2016 Mar 02
0
Re: Libguestfs as filesystem forensic tool
On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: > One of the patches I'm talking about would add TSK (The Sleuth Kit) > as a dependency within the appliance. > > This would bring new APIs such as: > 'fls' more powerful 'ls' command allowing to get list of deleted > files or timelines at a given path. > 'icat' similar to ntfscat-i but it
2009 Mar 16
1
Forensics related ZFS questions
1. Does variable FSB block sizing extend to files larger than record size, concerning the last FSB allocated? In other words, for files larger than 128KB, that utilize more than one full recordsize FSB, will the LAST FSB allocated be 'right-sized' to fit the remaining data, or will ZFS allocate a full recordsize FSB for the last 'chunk' of the file? (This is
2016 Mar 06
2
GSoC 2016
Respected Sir, I am an MS CS scholar of Virtual University of Pakistan. I want to participate in GSoC 2016 for LLVM. Data Science, Networks, Information security, digital forensics and ethical hacking are my core areas of interest. Currently, I am working on a research project on live forensics of GPU and volatile memories like RAMs and Caches. I am looking forward to your guidance to start my contribution for LLVM, thanks in anticipation. Regards Tahir Ramzan --------------...
2007 Jul 27
1
Read-only (forensic) mounts of ZFS
Hi Sorry for the cross-posting, I'd sent this to zfs-code originally. Wrong forum. I'm looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I'm working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC
2006 Apr 12
8
newbie radrails question
...p://wiki.awebfactory.com.ar/awebfactory/published/DemoAppPart1 When I click on the DepotServer and try to start it WEBbrick is not starting. I can cd to the base directory and run script/server and it works. Any idea what I'm doing wrong? Thanks Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century
2006 Feb 15
5
Lighttpd now works for production. Development is broken?
...rt my production instance. Now when I try to run rails/app.devel/script/server it appears to try and run lighttpd. Unfortunately this fails. Do I need to update my lighttpd config to support devel, or somehow force script/server to launch WEBrick? Thanks Greg -- Greg Freemyer The Norcross Group Forensics for the 21st Century
2016 Mar 02
1
Re: Libguestfs as filesystem forensic tool
On 02/03/16 18:24, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: >> One of the patches I'm talking about would add TSK (The Sleuth Kit) >> as a dependency within the appliance. >> >> This would bring new APIs such as: >> 'fls' more powerful 'ls' command allowing to get list of deleted >> files or