7MS #300: Windows System Forensics 101 - Part 2
7 Minute Security9 Mars 2018

7MS #300: Windows System Forensics 101 - Part 2

In today's continuation of last week's episode I'm continuing a discussion on using free tools to triage Windows systems - be they infected or just acting suspicious. Specifically, those tools include:

  • FTK Imager - does a dandy job of creating memory dumps and/or full disk backups of a live system. You can also make a portable version by installing FTK Imager on a machine, then copying the C:\Program Files\wherever\FTK Imager\lives to a USB drive. FTK on the go!

  • Redline grabs a full forensics pack of data from a machine and helps you pick apart memory strings, network connections, event logs, URL history, etc. The tool helps you dig deep into the timeline of a machine and figure out "What the heck has this machine been doing from time X to Y?"

  • DumpIt does quick n' dirty memory dumps of machines.

  • Volatility allow you to, in a relatively low number of commands, determine if a machine has been up to no good. One of my favorite features is extracting malware right out of the memory image and analyzing it on a separate Linux VM with something like ClamAV.

Avsnitt(683)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

Did you know that Web site vulnerability scanners can destroy your customer sites? If not, listen to this. 7MS #43: Why Web Site Vulnerability Scanners Can Ruin Your Day (audio)

28 Feb 20157min

7MS #42: Vulnerability Scans vs. Pentests (audio)

7MS #42: Vulnerability Scans vs. Pentests (audio)

I think everybody throws around the terms “vulnerability scans” and “pentests” and they mean completely different things from one person to the next. In this episode I try to clarify the differences and distinctions (in my mind, anyways). 7MS #42: Vulnerability Scans vs. Pentests (audio)

14 Feb 20157min

7MS #41: OSCP – Part 7 (audio)

7MS #41: OSCP – Part 7 (audio)

Tried of talking about OSCP yet? Me neither! 7MS #41: OSCP – Part 7 (audio)

6 Feb 20156min

7MS #40: OSCP – Part 6 (audio)

7MS #40: OSCP – Part 6 (audio)

PART SIX of a mind-bending series all about OSCP! 7MS #40: OSCP – Part 6 (audio)

31 Jan 20157min

7MS #39: Infosec on the Disney Boat (audio)

7MS #39: Infosec on the Disney Boat (audio)

I took a Disney cruise with my family recently, and one particular aspect of the trip gave me the Big Brother heebie-jeebies. 7MS #39: Infosec on the Disney Boat (audio)

24 Jan 20158min

7MS #38: OFFTOPIC – Health and Infosec (audio)

7MS #38: OFFTOPIC – Health and Infosec (audio)

Every once in a while I thought it would be fun to go slightly off topic and talk about other stuff I’m interested in. This episode kind of has a tech twist though. I talk about how I use my iPhone and a few apps to stay at least a little bit in shape. 7MS…

17 Jan 20157min

7MS #37: Keimpx (audio)

7MS #37: Keimpx (audio)

Ever wanted to pass hashes a whole network at a time? Check out this episode, where I talk about one of my fav new tools called Keipmx. 7MS #37: Keimpx (audio)

10 Jan 20157min

7MS #36: OSCP – Part 5 (audio)

7MS #36: OSCP – Part 5 (audio)

More talk about OSCP goodness. Download: 7MS #36: OSCP – Part 5 (audio)

3 Jan 20157min

Populärt inom Politik & nyheter

p3-krim
svd-dokumentara-berattelser-2
rss-krimstad
flashback-forever
rss-vad-fan-hande
aftonbladet-daily
rss-viva-fotboll
olyckan-inifran
rss-sanning-konsekvens
svenska-fall
krimmagasinet
fordomspodden
motiv
rss-expressen-dok
rss-frandfors-horna
dagens-eko
blenda-2
svd-nyhetsartiklar
spar
spotlight