Stuffz
Tool Updates
Paraben recently sent out an email about an updated version of their P2eXplorer tool being available. This is the product that allows you to mount acquired images for viewing, mounting a variety of images as physical disks.
ImDisk is available for 32- and 64-bit versions of Windows, including Windows 2008. I've got an idea for trying it out on Windows 7...we'll have to see how it works.
The TSK tools are up to version 3.1.2. Be sure to update your stuff.
eZine
There's a new issue of Hakin9 magazine available...it's free now, which is kind of cool.
WindowsRipper
Matt posted about how he and Adam used RegRipper to create WindowsRipper. It's an interesting project and I have to say, I really like it when folks find ways to achieve their needs and get the tools to meet their goals, rather than the other way around. Great job, guys...I'm looking forward to seeing where this goes. Let me know what I can do to help.
WinFE
Speaking of RegRipper, it appears that RegRipper is included in WinFE! Brett Shavers set up the WinFE site (he's also the guy who set up the RegRipper site), and the list of tools includes RegRipper!
Podcasts
I was interviewed last night by the guys from the Securabit podcast (episode 58). Thanks, guys, for a great time..."hanging out" on Skype with a bunch of former sailors...truly a dream come true! ;-) I enjoy having the opportunity to talk nerdy with folks, as forensics is not just a job, it's an adventure!
Check out Chris Pogue's "Sniper Forensics" interview on the CyberJungle podcast. It's episode 141, and the hosts start mentioning SANS (as a lead-in to Chris's interview) at about 58:26 into the podcast. Chris talked about his sniper forensics, as well as the 4-step Alexiou Principle that he uses as a basis for analysis. Chris will be giving his "Sniper Forensics" presentation at the SANS Forensic Summit in July.
Paraben recently sent out an email about an updated version of their P2eXplorer tool being available. This is the product that allows you to mount acquired images for viewing, mounting a variety of images as physical disks.
ImDisk is available for 32- and 64-bit versions of Windows, including Windows 2008. I've got an idea for trying it out on Windows 7...we'll have to see how it works.
The TSK tools are up to version 3.1.2. Be sure to update your stuff.
eZine
There's a new issue of Hakin9 magazine available...it's free now, which is kind of cool.
WindowsRipper
Matt posted about how he and Adam used RegRipper to create WindowsRipper. It's an interesting project and I have to say, I really like it when folks find ways to achieve their needs and get the tools to meet their goals, rather than the other way around. Great job, guys...I'm looking forward to seeing where this goes. Let me know what I can do to help.
WinFE
Speaking of RegRipper, it appears that RegRipper is included in WinFE! Brett Shavers set up the WinFE site (he's also the guy who set up the RegRipper site), and the list of tools includes RegRipper!
Podcasts
I was interviewed last night by the guys from the Securabit podcast (episode 58). Thanks, guys, for a great time..."hanging out" on Skype with a bunch of former sailors...truly a dream come true! ;-) I enjoy having the opportunity to talk nerdy with folks, as forensics is not just a job, it's an adventure!
Check out Chris Pogue's "Sniper Forensics" interview on the CyberJungle podcast. It's episode 141, and the hosts start mentioning SANS (as a lead-in to Chris's interview) at about 58:26 into the podcast. Chris talked about his sniper forensics, as well as the 4-step Alexiou Principle that he uses as a basis for analysis. Chris will be giving his "Sniper Forensics" presentation at the SANS Forensic Summit in July.