I recently wrote a script that runs from cron and port scans all of our servers daily. It saves the output, diffs it against the previous day's, and emails me when new ports open up. I think this will be a good way to detect new services and potential malware infections, but what about […]
I have recently been updating my Windows Forensics First Responder script and have noticed a number of servers reporting the following when using Sysinternals/Microsoft's listdlls.exe:
*** Loaded C:\WINNT\system32\KERNEL32.dll differs from file image:
*** File timestamp: Wed Apr 18 12:25:36 2007
*** Loaded image timestamp: Wed Apr 18 12:25:37 2007
*** 0x77e40000 0x102000 5.02.3790.4062 C:\WINNT\system32\KERNEL32.dll
Now […]
Bruce Schneier just posted an interesting article on his blog entitled “Interview with an Adware Developer”.
This article reinforces many of the things I have been telling people for a very long time, which for whatever reason never seem to sink in.
Many experts continue to speculate on why it took so long for Heartland to identify and disclose the breach. According to the Storefront Backtalk report, the payment processor revealed that the breach was first discovered in late October or early November, whereas previous statements had said only that it was discovered in the fall. The company has had two outside forensics teams and the Secret Service working on the problem for more than two months, and yet the "sniffer" software used to collect the data was located only last week.
The case against Connecticut substitute teacher Julie Amero has finally come to a close. Prosecutors dropped the felony charges against her, but the agreement called for a guilty plea to a misdemeanor charge of disorderly conduct and surrender of her state teaching credential. Amero had previously been convicted of endangering minors and faced 40 years […]
At work it is fairly common for hard drives to die, for machines to become infected with a virus, Trojan or worm, and for the occasional compromise to occur. It just happens when you have so many machines; the odds are against you. For this reason I wanted to build a machine specifically for forensics purposes, similar to the […]