My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android based device. The instructions have been tested successfully on Ubuntu 11.10, with Java […]
I have just uploaded to the Papers & Presentations section the slides for my talk on “Latest Advances in Android Forensics” (in Spanish) at the 1st International Symposium for Android Security held in Malaga last week: Últimos avances en Análisis Forense de sistemas Android (PDF – 3,8 Mb)
When Prevention Fails: Extending IR and Digital Forensics to the Corporate Network (slides from SANS Boston 2011)
The slides from my @night talk at SANS Boston 2011 are available for download now: When Prevention Fails, Extending IR and Digital Forensics Capabilities to the Corporate Network (PDF – 6,2 MB) Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well […]
Mac OS Forensics How-To: Simple RAM Acquisition and Analysis with Mac Memory Reader (Part 1) – update (and Part 2)
Part 1 of my post on Mac OS X memory acquisition and analysis has been posted at the SANS Forensics Blog. I’ll try to publish Part 2 early next week. Stay tuned!
The System Administrator knew something was wrong when he saw there was an additional user account on the Web-based Enterprise Resource Planning (ERP) system that he administered. He kept the system updated and patched, but he now suspects that the system has been hacked and compromised. Now, as a computer forensic investigator, you will have to find out if there was any unauthorized access, how it happened and what was the extent of the damage.
I’m writing this post while seated on a train going from Birmingham’s International Airport to Banbury, a small town located in the heart of Oxfordshire. It’s only a 40 minutes trip but I really enjoy it, especially if I have a good album to listen to…
That’s been what I call my ‘SANS itinerary’ since I started this exciting journey back in June 2007. It all started at SANS Secure Europe, in Brussels, where I took my first SANS class with Jess Garcia, CEO of One eSecurity and a good friend of mine. It was SECURITY 508, System Forensics, Investigation & Response, an awesome track created by Rob Lee on one of the most interesting and hot topics of Information Security. It’s been almost two years since then, but now I realize that event had a tremendous positive influence in my career as a security professional.
It’s been a busy two weeks trying to put together the training material I’ll be using to teach Incident Response and Computer Forensics to some of my colleagues in other geographies across Europe, Asia and Australia, and that will kick-off in Leiden in approximately 10 days. Meanwhile, the latest news about the Indian embassy reported […]
Earlier this morning I was alerted to this problem by a colleague who was trying to access www (dot) embajadaindia (dot) com to sort out some paperwork related to my employer’s offices in India. When tried to load the site, the Desktop Antivirus displayed the following pop-up alert…
Keep reading then and have a look at the following links to a few interesting security tools, new forensic challenges and even a new Multi-Boot Security Live DVD
Find It Quickly
Find what you're looking for quickly by using our keyword search. Can't find it? Try our links below.