similar to: Memory Forensics of OpenSSH

All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to

Thank you all for your suggestions! Richard W.M. Jones: > I keep meaning to write a comprehensive "virt-diff" tool. I needed it > myself just yesterday. Most interesting. I guess there are two reasons for creating such a tool: just compare the images (show the diff) and/or check for malicious additions in the other image. Did you consider implementing the former or both? Do

1. Does variable FSB block sizing extend to files larger than record size, concerning the last FSB allocated? In other words, for files larger than 128KB, that utilize more than one full recordsize FSB, will the LAST FSB allocated be ''right-sized'' to fit the remaining data, or will ZFS allocate a full recordsize FSB for the last ''chunk'' of the file? (This is

Hello. I'm interested in running guests as read-only to turn them into a sort of virtualized "live=cd". The goal is to leave no forensic evidence on the host disk or virtual one which would lead to traces on the host still- similar to how TAILS works but with the added convenince and flexibility of running in a VM. If I set the qcow image to read-only as per the manual, will any

On Sun, Jun 24, 2018 at 23:29:13 +0000, procmem wrote: > Hello. I'm interested in running guests as read-only to turn them into a > sort of virtualized "live=cd". The goal is to leave no forensic evidence > on the host disk or virtual one which would lead to traces on the host > still- similar to how TAILS works but with the added convenince and > flexibility of

greetings list, i am creating a new thread because of comment made by; From: Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr> in thread "Subject: [CentOS] erase disk". in past readings about; erasing an hdd, forensics of hard disk drives, dban, destroying hdd i submit these links for those who may wish to further their knowledge on primaries of hdd forensics;

I am using R for environmental forensics (determination of the sources and/or groupings in mixtures of organic chemicals in the field). The goal is to determine in there are groups of samples with similar/dissimilar compositions, and to assign samples to a potential source or a mixture of sources based on the composition (unmixing and source allocation). Typically there are 10 to 50 chemicals that

Hi, I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD ROM drive and run trusted commands like ps, netstat, ls, etc., from. I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too. Can anyone give me any pointers

Hi, I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD ROM drive and run trusted commands like ps, netstat, ls, etc., from. I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too. Can anyone give me any pointers

Hi all: Thanks for your attention. I have a question about smb.conf. I want add ‘everyone’ to write list of a share, but ‘ALL’ and ‘everyone’ doesn’t work, I want to know how to add everyone to write list ? thanks ________________________________ fengwei 11322 (RD) -------------------------------------------------------------------------------------------------------------------------------------

Hi list, I suppose we could use uintptr_t to simplify pointer handling in libFLAC/memory.c. The patch is attached. Passed build on gnu environment. Thanks. Regards yfw -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.xiph.org/pipermail/flac-dev/attachments/20140307/8c9605d2/attachment.htm -------------- next part -------------- A non-text attachment

Greetings. I am new to this list. I am writing to you about hivexml. Richard Jones told me that he was considering abandoning this program. Instead, I am willing to take over maintenance of it. I am involved in computer forensics. I are in the midst of developing an XML standard to describe the Windows Registry. There are several programs that export the windows registry at XML. I have

Hi all, Piping in here as someone who has worked on file system and Registry differencing for a few years now. Taking diffs of a storage system is not a straightforward task. Hopefully, this message saves you some re-implementation heartache. In the forensics world, there is a tool called Fiwalk, which enumerates the contents of a file system and its metadata (with some basic data summaries,

On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: > Greetings, > > I am playing around with the idea of using libguestfs as a forensic > tool to investigate VM disk images. > > Some use cases as example: > * Sandbox for malware analysis. > * Incident response in cloud environments. > > Libguestfs is a precious resource in this case as it allows to >

On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: > One of the patches I'm talking about would add TSK (The Sleuth Kit) > as a dependency within the appliance. > > This would bring new APIs such as: > 'fls' more powerful 'ls' command allowing to get list of deleted > files or timelines at a given path. > 'icat' similar to ntfscat-i but it

On 02/03/16 18:24, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: >> One of the patches I'm talking about would add TSK (The Sleuth Kit) >> as a dependency within the appliance. >> >> This would bring new APIs such as: >> 'fls' more powerful 'ls' command allowing to get list of deleted >> files or

On 02/03/16 17:53, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: >> Greetings, >> >> I am playing around with the idea of using libguestfs as a forensic >> tool to investigate VM disk images. >> >> Some use cases as example: >> * Sandbox for malware analysis. >> * Incident response in cloud environments.

Greetings, I am playing around with the idea of using libguestfs as a forensic tool to investigate VM disk images. Some use cases as example: * Sandbox for malware analysis. * Incident response in cloud environments. Libguestfs is a precious resource in this case as it allows to abstract the disk image internals and expose them as mountable devices. Combined with some state of the art

Hi Sorry for the cross-posting, I''d sent this to zfs-code originally. Wrong forum. I''m looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I''m working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC

Hi I''m looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I''m working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC partition for simplicity''s sake, and I''m using Solaris 10 6/06, which may not