Some interesting reading for a snowy Saturday

As I sit here during the first Blizzard Warning in central Ohio in 10 years, I've been looking through some of the articles I've clipped to read when I had the time, and it looks like I may have that time this weekend.  While I was at it, I figured I'd share them with the rest of you.  I'm also working on a couple of scripts that should be ready for public release in a week or two, but I'll post another story when they are ready to go.  So here, in no particular order, are some interesting articles for your reading pleasure.

  • Andreas Schuster has been doing a series on his blog on forensic acquisition.  I recommend the entire series, but I especially liked this one from last month on acquisition via Firewire.
  • Also, for the malware analysts out there, there is this story on Offensive Computing that has a nice demo of automated unpacking with OllyDbg.
  • We've done stories before asking for your suggestions on useful tools, but Harlan Carvey had these two stories on his blog on useful forensic tools and, in the second, pointed out this paper by Richard Austin from Kennesaw State University.
  • And speaking of useful tools, Jesse Kornblum has released dc3dd.  He announced it here and has a writeup about it here.  As with dcfldd, this tool does on-the-fly piecewise hashing (hashing each fixed-size block of the image as it is copied, alongside the hash of the whole image), but because dc3dd is maintained as a patch against GNU dd rather than as a separate fork, it can track changes in the GNU version of dd more readily.
  • Speaking of Jesse Kornblum, if you haven't read his paper on context-triggered piecewise hashing, you should.  I'm a big fan of ssdeep.
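To show what the on-the-fly piecewise hashing mentioned for dcfldd and dc3dd actually buys an examiner, here is an added example written for this page; it is not code from dc3dd, dcfldd, or the diary, and the 1000-byte "disk image" and the flipped byte at offset 600 are constructed test data. One pass over the stream produces both the whole-image digest and a digest per fixed-size block, so that if a copy later fails verification the mismatch can be localized to a block instead of only to "the image changed". (This is ordinary fixed-block piecewise hashing, not the context-triggered piecewise hashing that ssdeep does.)

```python
import hashlib
import io
from typing import BinaryIO, List, Tuple

Piece = Tuple[int, int, str]  # (offset, length, hexdigest)


def piecewise_hash(stream: BinaryIO, chunk_size: int = 256,
                   algo: str = "md5") -> Tuple[str, List[Piece]]:
    """Read the stream once, updating a whole-image digest and emitting one
    digest per chunk.  The last chunk may be shorter than chunk_size."""
    whole = hashlib.new(algo)
    pieces: List[Piece] = []
    offset = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        whole.update(chunk)                       # whole-image hash, same pass
        pieces.append((offset, len(chunk), hashlib.new(algo, chunk).hexdigest()))
        offset += len(chunk)
    return whole.hexdigest(), pieces


def hash_bytes(data: bytes, chunk_size: int = 256,
               algo: str = "md5") -> Tuple[str, List[Piece]]:
    """Convenience wrapper for in-memory data (a real run would pass a device file)."""
    return piecewise_hash(io.BytesIO(data), chunk_size, algo)


def differing_pieces(a: List[Piece], b: List[Piece]) -> List[int]:
    """Indexes of chunks whose (offset, length, digest) tuples disagree,
    including any trailing chunks present on only one side."""
    bad = [i for i, (pa, pb) in enumerate(zip(a, b)) if pa != pb]
    bad.extend(range(min(len(a), len(b)), max(len(a), len(b))))
    return bad


def localize_corruption(original: bytes, copy: bytes,
                        chunk_size: int = 256) -> List[Tuple[int, int]]:
    """Byte ranges (offset, length) of the original that do not verify in the copy."""
    _, pa = hash_bytes(original, chunk_size)
    _, pb = hash_bytes(copy, chunk_size)
    ranges = []
    for i in differing_pieces(pa, pb):
        src = pa[i] if i < len(pa) else pb[i]
        ranges.append((src[0], src[1]))
    return ranges


def flip_byte(data: bytes, offset: int) -> bytes:
    """Simulate a single corrupted byte in a copy of the image."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


# Constructed sample "image": 1000 bytes, so 256-byte chunking gives three
# full chunks and a 232-byte tail.  Offset 600 falls in the third chunk (512-767).
SAMPLE_IMAGE = bytes(range(256)) * 3 + bytes(range(232))
TAMPERED_IMAGE = flip_byte(SAMPLE_IMAGE, 600)

if __name__ == "__main__":
    whole, pieces = hash_bytes(SAMPLE_IMAGE)
    print("whole image md5:", whole)
    for off, ln, digest in pieces:
        print(f"{off:>6} - {off + ln - 1:>6}: {digest}")
    print("corrupted ranges:", localize_corruption(SAMPLE_IMAGE, TAMPERED_IMAGE))
```

The whole-image digest is independent of the chunk size, which is what lets a piecewise hash log be verified later against a plain `md5sum` of the image; the per-chunk digests are what turn "the hashes don't match" into "block at offset 512 doesn't match".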


ISC Handler
Mar 8th 2008
