Site Archives Forensics
My first guest post on the Open Security Research Blog was published yesterday. In this post I walk through the steps required to install and compile LiME Forensics, a Loadable Kernel Module that allows you to dump the full contents of memory of an Android-based device. The instructions have been tested successfully on Ubuntu 11.10, with Java [...]
When Prevention Fails: Extending IR and Digital Forensics to the Corporate Network (slides from SANS Boston 2011)
The slides from my @night talk at SANS Boston 2011 are available for download now: When Prevention Fails, Extending IR and Digital Forensics Capabilities to the Corporate Network (PDF – 6,2 MB) Thanks to Barbara Basalguete, Stephen Northcutt and the rest of the SANS crew for the opportunity to participate in such a great event, as well [...]
The System Administrator knew something was wrong when he saw an additional user account on the Web-based Enterprise Resource Planning (ERP) system that he administered. He kept the system updated and patched, but he now suspects that the system has been hacked and compromised. Now, as a computer forensic investigator, you will have to find out whether there was any unauthorized access, how it happened and what the extent of the damage was.
That’s been what I call my ‘SANS itinerary’ since I started this exciting journey back in June 2007. It all started at SANS Secure Europe, in Brussels, where I took my first SANS class with Jess Garcia, CEO of One eSecurity and a good friend of mine. It was SECURITY 508, System Forensics, Investigation & Response, an awesome track created by Rob Lee on one of the most interesting and hot topics of Information Security. It’s been almost two years since then, but now I realize that event had a tremendous positive influence on my career as a security professional.
Keep reading then and have a look at the following links to a few interesting security tools, new forensic challenges and even a new Multi-Boot Security Live DVD.
I was discussing with a friend a few weeks ago how challenging it is to teach advanced Unix topics to folks who come from an exclusively Windows world. Yes, I mean the kind of user that ends up rebooting a Unix box after changing a conf file instead of just restarting the appropriate services. I’m [...]
Yes! I’m just writing my first post from the Apple Store at Regent Street (London) to let you know that I’ve just passed my SANS GCIA exam. Indeed, I know it could have been better (I scored 89%) and that I scored even higher on my first GIAC exam (GCFA, Forensics Analyst, which I took on [...]