Author Archives for Ismael Valenzuela
My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android based device. The instructions have been tested successfully on Ubuntu 11.10, with Java […]
I have just uploaded to the Papers & Presentations section the slides for my talk on “Latest Advances in Android Forensics” (in Spanish) at the 1st International Symposium for Android Security held in Malaga last week: Últimos avances en Análisis Forense de sistemas Android (PDF – 3,8 Mb)
This is the post I should have written months ago, actually back in November last year, when I joined the Foundstone practice (part of McAfee Strategic Security Services) as Principal Architect for EMEA. But time has been scarce, with lots of new developments and challenges both in my personal and professional life, including spending a […]
When Prevention Fails: Extending IR and Digital Forensics to the Corporate Network (slides from SANS Boston 2011)
The slides from my @night talk at SANS Boston 2011 are available for download now: When Prevention Fails, Extending IR and Digital Forensics Capabilities to the Corporate Network (PDF – 6,2 MB) Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well […]
I can’t think of any better place to be in May than… Berlin!! So all packet-ninjas looking to improve their TCP/IP and traffic analysis skills are welcome to join us in the first ever Community SANS Berlin for the SECURITY 503: Intrusion Detection In-Depth track. A full description of the event can be found here: […]
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1) – update (and Part 2)
Part 1 of my post on Mac OS X memory acquisition and analysis has been posted at the SANS Forensics Blog. I’ll try to publish Part 2 early next week. Stay tuned!
I’m glad to announce that I will be teaching Community SANS Security 503: Intrusion Detection In-Depth at Banbury, Oxfordshire (UK). This 6-day course will run from Monday, February 15, 2010 through Saturday, February 20, 2010.
The System Administrator knew something was wrong when he saw there was an additional user account on the Web-based Enterprise Resource Planning (ERP) system that he administered. He kept the system updated and patched, but he now suspects that the system has been hacked and compromised. Now, as a computer forensic investigator, you will have to find out if there was any unauthorized access, how it happened and what was the extent of the damage.
I read in Doug Burks’ tweet that his Security Onion LiveCD is now available for download. Being a serious Sguil fan, I can’t do anything but recommend you have a look at this new live distro.
If you ever wondered what a blonde, a brunette, lemon juice and a bank robber had to do with software development and the psychology of programming you have to watch Ron Burk’s presentation…