PaulDotCom mailing list archives
[Security Weekly] Forensic Analysis of Anti-Forensic Activities
From: Andrew Case <atcuno () gmail com>
Date: Thu, 30 Jan 2014 12:12:24 -0600
At Shmoocon this year an anti-forensics tool was released that created fake artifacts in memory of compromised systems. The purpose of the tool was to mislead memory forensics investigators into thinking the faked/decoy artifacts were real and to draw conclusions based on them.

In response to this, Jack Crook did a forensics analysis and follow-up blog post showing a number of ways that not only can the malicious tool be found in memory, but also disproving the created fake artifacts. It is a really nice read in terms of memory forensics power and fighting anti-forensics:

http://blog.handlerdiaries.com/?p=363