similar to: Memory Forensics of OpenSSH

Displaying 20 results from an estimated 70 matches similar to: "Memory Forensics of OpenSSH"

2010 Mar 19
2
hivexml - Flattened vs. Expanded XML
All, Greetings. I am new to this mailing list. We have been working with XML for digital forensics. One of the areas that we wish to create a schema for is the representation of registry entries. We are interested in hivexml as a tool for extracting the registry as an XML representation. In our discussion with possible users, we have generally come to the conclusion that it is useful to
2013 Nov 22
5
Auditing a vm image - virt-diff - was: Read MBR and store in a file?
Thank you all for your suggestions! Richard W.M. Jones: > I keep meaning to write a comprehensive "virt-diff" tool. I needed it > myself just yesterday. Most interesting. I guess there are two reasons for creating such a tool: just compare the images (show the diff) and/or check for malicious additions in the other image. Did you consider implementing the former or both? Do
2009 Mar 16
1
Forensics related ZFS questions
1. Does variable FSB block sizing extend to files larger than record size, concerning the last FSB allocated? In other words, for files larger than 128KB, that utilize more than one full recordsize FSB, will the LAST FSB allocated be 'right-sized' to fit the remaining data, or will ZFS allocate a full recordsize FSB for the last 'chunk' of the file? (This is
2018 Jun 24
2
Read-only Guests for Anti-Forensics
Hello. I'm interested in running guests as read-only to turn them into a sort of virtualized "live=cd". The goal is to leave no forensic evidence on the host disk or virtual one which would lead to traces on the host still- similar to how TAILS works but with the added convenience and flexibility of running in a VM. If I set the qcow image to read-only as per the manual, will any
2018 Jun 26
0
Re: Read-only Guests for Anti-Forensics
On Sun, Jun 24, 2018 at 23:29:13 +0000, procmem wrote: > Hello. I'm interested in running guests as read-only to turn them into a > sort of virtualized "live=cd". The goal is to leave no forensic evidence > on the host disk or virtual one which would lead to traces on the host > still- similar to how TAILS works but with the added convenience and > flexibility of
2013 Sep 27
0
erasing an hdd - forensics of hard disk drives, dban, destroying hdd
greetings list, i am creating a new thread because of comment made by; From: Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr> in thread "Subject: [CentOS] erase disk". in past readings about; erasing an hdd, forensics of hard disk drives, dban, destroying hdd i submit these links for those who may wish to further their knowledge on primaries of hdd forensics;
2006 Mar 23
1
PCA, Source analysis and Unmixing, environmental forensics
I am using R for environmental forensics (determination of the sources and/or groupings in mixtures of organic chemicals in the field). The goal is to determine if there are groups of samples with similar/dissimilar compositions, and to assign samples to a potential source or a mixture of sources based on the composition (unmixing and source allocation). Typically there are 10 to 50 chemicals that
2003 Aug 03
7
Forensics CD Toolkit for FreeBSD
Hi, I'd like to build a toolkit CD specifically for conducting forensics on FreeBSD. I'm not talking about a bootable CD but rather one that I could pop into a CD ROM drive and run trusted commands like ps, netstat, ls, etc., from. I'd like to build a CD that would work on -RELEASE versions of FreeBSD like 5.1 and -STABLE versions of FreeBSD too. Can anyone give me any pointers
2016 Dec 21
1
How to add everyone to write list ?
Hi all: Thanks for your attention. I have a question about smb.conf. I want to add ‘everyone’ to the write list of a share, but ‘ALL’ and ‘everyone’ don’t work. I want to know how to add everyone to the write list? thanks fengwei 11322 (RD)
2014 Mar 07
1
Using uintptr_t to simplify pointer handling in libFLAC
Hi list, I suppose we could use uintptr_t to simplify pointer handling in libFLAC/memory.c. The patch is attached. Passed build on gnu environment. Thanks. Regards yfw
2011 May 07
2
hivexml rewrite
Greetings. I am new to this list. I am writing to you about hivexml. Richard Jones told me that he was considering abandoning this program. Instead, I am willing to take over maintenance of it. I am involved in computer forensics. I am in the midst of developing an XML standard to describe the Windows Registry. There are several programs that export the windows registry as XML. I have
2013 Nov 22
0
Re: Auditing a vm image - virt-diff - was: Read MBR and store in a file?
Hi all, Piping in here as someone who has worked on file system and Registry differencing for a few years now. Taking diffs of a storage system is not a straightforward task. Hopefully, this message saves you some re-implementation heartache. In the forensics world, there is a tool called Fiwalk, which enumerates the contents of a file system and its metadata (with some basic data summaries,
2016 Mar 02
0
Re: Libguestfs as filesystem forensic tool
On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: > Greetings, > > I am playing around with the idea of using libguestfs as a forensic > tool to investigate VM disk images. > > Some use cases as example: > * Sandbox for malware analysis. > * Incident response in cloud environments. > > Libguestfs is a precious resource in this case as it allows to >
2016 Mar 02
0
Re: Libguestfs as filesystem forensic tool
On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: > One of the patches I'm talking about would add TSK (The Sleuth Kit) > as a dependency within the appliance. > > This would bring new APIs such as: > 'fls' more powerful 'ls' command allowing to get list of deleted > files or timelines at a given path. > 'icat' similar to ntfscat-i but it
2016 Mar 02
1
Re: Libguestfs as filesystem forensic tool
On 02/03/16 18:24, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:59:32PM +0200, noxdafox wrote: >> One of the patches I'm talking about would add TSK (The Sleuth Kit) >> as a dependency within the appliance. >> >> This would bring new APIs such as: >> 'fls' more powerful 'ls' command allowing to get list of deleted >> files or
2016 Mar 02
2
Re: Libguestfs as filesystem forensic tool
On 02/03/16 17:53, Richard W.M. Jones wrote: > On Wed, Mar 02, 2016 at 05:47:40PM +0200, noxdafox wrote: >> Greetings, >> >> I am playing around with the idea of using libguestfs as a forensic >> tool to investigate VM disk images. >> >> Some use cases as example: >> * Sandbox for malware analysis. >> * Incident response in cloud environments.
2016 Mar 02
2
Libguestfs as filesystem forensic tool
Greetings, I am playing around with the idea of using libguestfs as a forensic tool to investigate VM disk images. Some use cases as example: * Sandbox for malware analysis. * Incident response in cloud environments. Libguestfs is a precious resource in this case as it allows to abstract the disk image internals and expose them as mountable devices. Combined with some state of the art
2007 Jul 27
1
Read-only (forensic) mounts of ZFS
Hi Sorry for the cross-posting, I'd sent this to zfs-code originally. Wrong forum. I'm looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I'm working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC
2007 Jul 26
8
Read-only (forensic) mounts of ZFS
Hi I'm looking into forensic aspects of ZFS, in particular ways to use ZFS tools to investigate ZFS file systems without writing to the pools. I'm working on a test suite of file system images within VTOC partitions. At the moment, these only have 1 file system per pool per VTOC partition for simplicity's sake, and I'm using Solaris 10 6/06, which may not