PenTest, Forensics and Rescue Live CDs

Some pentesting live CDs have been updated recently or will be shortly. Time for an overview.

Disclaimer:

[...]

[RP]: SANS SIFT 3.0 Virtual Machine Released

Finally: the new version of SIFT has been released.

http://digital-forensics.sans.org/blog/2014/03/23/sans-sift-3-0-virtual-machine-released

[RP]: It Is All About Program Execution

Nice article about malware mechanisms and analysis:

It Is All About Program Execution: http://journeyintoir.blogspot.de/2014/01/it-is-all-about-program-execution.html 

[...]

[RP]: FIREBrick: Open Source Hardware Forensic Disk Imager & Write Blocker

Nice: an Open Source write blocker / disk imager for about $199

FIREBrick: Open Source Hardware Forensic Disk Imager & Write Blocker:
http://digitalfire.ucd.ie/?page_id=1011

[...]

[RP]: Hands on Wireshark

Great tutorial by Hansang Bae:

[...]

My IT Security Notebook

Just out of frustration I’ve started to write my own little IT security notebook. One day :-) it should contain all the little facts I need to keep in my “protein computer” but can’t manage to do so. It will be updated as I learn stuff and as needed.

If you find it useful or if you’ve found a bug: drop me a line.

 

[...]

DNS Tunneling

In the class “FOR558: Network Forensics” (SANS London 2012) we got a sample PCAP of custom DNS tunneling in action.

Because I wanted to continue learning Python and digging deeper into network protocols, I decided to create a Python script to analyse this custom DNS tunneling.

Decisions:

[...]

[RP]: Extracting ZeroAccess from NTFS Extended Attributes

Just a quick link: Extracting ZeroAccess from NTFS Extended Attributes

[...]

Testing of Forensic Tools

  • Validation of Forensic Tools and Software: A Quick Guide for the Digital Forensic Examiner
    http://www.dfinews.com/print/5684
  • Computer Forensics Tool Testing (CFTT) Project Web Site
    http://www.cftt.nist.gov/
  • Digital Forensics Publications
    http://forensics.marshall.edu/Digital/Digital-Publications.html

[...]

Electronic Crime Scene Investigation

Nice find:

  • Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition
    • http://www.nij.gov/pubs-sum/219941.htm
    • [PDF]: http://www.ncjrs.gov/pdffiles1/nij/219941.pdf
  • Electronic Crime Scene Investigation: An On-the-Scene Reference for First Responders
    • http://www.nij.gov/pubs-sum/227050.htm
    • [PDF]: http://www.ncjrs.gov/pdffiles1/nij/227050.pdf

 

[...]