PaulDotCom mailing list archives

[Security Weekly] Forensic Analysis of Anti-Forensic Activities


From: Andrew Case <atcuno () gmail com>
Date: Thu, 30 Jan 2014 12:12:24 -0600

At Shmoocon this year an anti-forensics tool was released that created
fake artifacts in memory of compromised systems. The purpose of the
tool was to mislead memory forensics investigators into thinking the
faked/decoy artifacts were real and to draw conclusions based on them.

In response to this, Jack Crook did a forensic analysis and follow-up
blog post showing a number of ways to not only find the malicious
tool in memory, but also disprove the created fake artifacts.

It is a really nice read in terms of memory forensics power and fighting
anti-forensics:

http://blog.handlerdiaries.com/?p=363
_______________________________________________
securityweekly mailing list
securityweekly () mail securityweekly com
http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
Main Web Site: http://pauldotcom.com