Full Disclosure mailing list archives

Re: Re: [ISN] Book Review: Forensic Discovery


From: j mark <jmark2099 () yahoo com>
Date: Thu, 20 Jan 2005 07:55:27 -0800 (PST)


Anthony Zboralski wrote:


On 19 Jan 2005, at 14:55, InfoSec News wrote:


<snip>
of digital forensics.


Source: http://hert.org/story.php/58

After reading the review of Dan Farmer and Wietse's
Forensic Discovery, you should hear about
The Grugq who got fired from @stake after writing a
Phrack Article in which he exposed numerous
flaws in The Coroner's Toolkit by Dan & Wietse.

Before you read this book, check out the video
(bittorrent) of The Grugq on The Art of Defiling and
see how to defeat "industry grade" forensic tools
and techniques .

You can also meet him at a hacker convention near
you (in March at BCS2005 in Jakarta, in April
at Black Hat in S'pore and Amsterdam and at
HITB2005 Bahrain).

Video of the Grugq's Speech, The Art of Defiling:
  http://www.hert.org/z/grugq.torrent (Courtesy of
HITB2004)

Presentation Slides:
  http://packetstormsecurity.com/hitb04/hitb04-grugq.pdf (from HITB2004)

Phrack article:
  http://www.phrack.org/show.php?p=59&a=6 (Phrack 59)

Grugq's Profile:
  http://www.bellua.com/bcs2005/asia05.speakers.html#grugq

The Grugq has been researching anti-forensics for
almost 5 years. He has presented
to the UK's largest forensic practitioner group
where he scared Scotland Yard.
 Grugq has worked to secure the networks and hosts
of global corporations, and
he's also worked for security consulting companies.
His work as a security consultant
was cut short temporarily following the publication
of an article on anti-forensics.

P.S. Is it illegal to talk about anti-forensics
under the Patriot Act?

gaius


This article in Phrack is being cited as this guy's
qualifications for conducting a security seminar?
Getting fired for writing an article (an article so
clueless --devoid of substance-- as this one) is cited
as a good thing (just because it appeared in Phrack)?
Phrack editors: please apply some standard in choosing
articles, because people do think that having an
article published in Phrack amounts to something, and
mostly your articles are superb (except when you plug
articles like this because your friend wrote it).

Just because one tool does not check bad clusters
doesn't mean that you can use this method of data
hiding to defeat forensics as a whole.

Encryption as an anti-forensics technology.
<sarcasm>Wow. who knew that?</sarcasm>

Logging to a different Syslog server. <sarcasm>Wow.
who knew that?</sarcasm>

Anthony Zboralski: We would expect you to plug some
article with substance when you promote your speaker
and conference in a lot of security mailing lists. Oh
yeah, and you are going to jail if you talk about
anti-forensics in the US, you stupid promoter.

jmark



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
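The "bad cluster" point above is a concrete, checkable one: a tool that only walks allocated file chains never looks inside clusters the FAT marks as bad, which is exactly where that hiding technique puts the data. The script below is an added example written for this archive page; it is not code from either poster, from The Coroner's Toolkit, or from the Phrack article. It assumes a FAT16 volume (the bad-cluster marker 0xFFF7), parses the BIOS parameter block and FAT, and reports every cluster flagged bad together with a rough label for what is in it. The FAT16 image it inspects is constructed in memory (three clusters flagged bad: a plaintext note, an empty one, and a high-entropy blob) so the check runs offline; the thresholds for "plaintext" and "high-entropy" are illustrative assumptions, not values from the page.

```python
"""Triage clusters that a FAT16 volume has flagged as 'bad'.

Added example for this Full-Disclosure thread; not code from the posters,
from TCT, or from the Phrack article. Assumes FAT16; the test volume is
constructed in memory so the script runs offline. Tools that only follow
allocated cluster chains never read bad-marked clusters, which is why
data stashed there survives a naive examination. The check a forensic
tool needs is simple: enumerate every bad-marked cluster and inspect it.
"""
import hashlib
import math
import struct

FAT16_BAD = 0xFFF7   # FAT16 'bad cluster' marker
BPS = 512            # bytes per sector of the constructed image


def build_image(bad_clusters):
    """Construct a minimal FAT16 image (constructed sample, not a real disk).

    bad_clusters: {cluster_no: payload} - each cluster is flagged bad in the
    FAT and its data area is filled with the payload (zero padded).
    """
    reserved, nfats, root_entries, fat_sectors, data_clusters = 1, 1, 16, 1, 8
    root_sectors = root_entries * 32 // BPS
    total = reserved + nfats * fat_sectors + root_sectors + data_clusters
    img = bytearray(total * BPS)
    # BIOS parameter block fields that find_bad_clusters() relies on
    struct.pack_into('<H', img, 11, BPS)          # bytes per sector
    img[13] = 1                                   # sectors per cluster
    struct.pack_into('<H', img, 14, reserved)     # reserved sectors
    img[16] = nfats                               # number of FATs
    struct.pack_into('<H', img, 17, root_entries)
    struct.pack_into('<H', img, 19, total)        # total sectors (16-bit)
    struct.pack_into('<H', img, 22, fat_sectors)  # sectors per FAT
    fat_off = reserved * BPS
    struct.pack_into('<H', img, fat_off, 0xFFF8)      # media descriptor entry
    struct.pack_into('<H', img, fat_off + 2, 0xFFFF)  # reserved entry
    data_off = (reserved + nfats * fat_sectors + root_sectors) * BPS
    for cl, payload in bad_clusters.items():
        struct.pack_into('<H', img, fat_off + 2 * cl, FAT16_BAD)
        p = payload[:BPS]
        start = data_off + (cl - 2) * BPS         # cluster 2 is the first data cluster
        img[start:start + len(p)] = p
    return bytes(img)


def shannon_entropy(data):
    """Bits per byte of the buffer; 0.0 for an empty buffer."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify(chunk):
    """Rough content label for one bad-marked cluster (illustrative thresholds)."""
    body = chunk.rstrip(b'\x00')   # slack after a short payload is zero padding
    if not body:
        return 'zero-filled'
    printable = sum(32 <= b < 127 or b in b'\r\n\t' for b in body) / len(body)
    if printable > 0.9:
        return 'plaintext'
    if shannon_entropy(body) > 6.5:
        return 'high-entropy'      # encrypted or compressed stash is the usual suspect
    return 'binary'


def find_bad_clusters(img):
    """Return [(cluster_no, label, first 16 bytes)] for every FAT entry == 0xFFF7."""
    bps, = struct.unpack_from('<H', img, 11)
    spc = img[13]
    reserved, = struct.unpack_from('<H', img, 14)
    nfats = img[16]
    root_entries, = struct.unpack_from('<H', img, 17)
    fat_sectors, = struct.unpack_from('<H', img, 22)
    fat_off = reserved * bps
    data_off = (reserved + nfats * fat_sectors + root_entries * 32 // bps) * bps
    cluster_size = bps * spc
    n_clusters = (len(img) - data_off) // cluster_size
    found = []
    for cl in range(2, 2 + n_clusters):
        entry, = struct.unpack_from('<H', img, fat_off + 2 * cl)
        if entry == FAT16_BAD:
            start = data_off + (cl - 2) * cluster_size
            chunk = img[start:start + cluster_size]
            found.append((cl, classify(chunk), bytes(chunk[:16])))
    return found


def sample_image():
    """Constructed test volume: three clusters flagged bad, only one genuinely empty."""
    hidden = b''.join(hashlib.sha256(bytes([i])).digest() for i in range(16))
    return build_image({
        3: b'meeting notes: move the funds on friday\n',  # plaintext stash
        4: b'',                                          # marked bad, nothing in it
        6: hidden,                                       # looks encrypted/compressed
    })


if __name__ == '__main__':
    for cl, label, head in find_bad_clusters(sample_image()):
        print(f'cluster {cl}: marked bad, content looks {label}: {head!r}')
```

On a real image you would replace sample_image() with the bytes of the volume (or a partition carved out of a disk image) and treat every "plaintext" or "high-entropy" hit as something to carve and examine; a cluster that a drive has genuinely retired usually reads back as zeros or repeating controller filler, not as text or ciphertext-like noise.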