Wednesday, November 24, 2010

Back on track

A day later than planned, but I'm finally back on here and adding some content. I've gotten a lot of positive feedback regarding starting the blog and I really appreciate that.

A great deal is going on in my life these days with regards to digital forensics and it's really exciting. First, not many know this, but I'm co-writing a book with two very good friends, Brad Garnett and Joe Garcia. The title will be The Basics of Digital Forensics. We just recently got started, so lots to do yet. We're trying to write the book we wished we had back when we were first getting started. More on this later!

Next, I got a surprise phone call from the local junior college a few days ago asking if I'd be interested in helping develop and teach a computer forensics course. I'm very excited by the possibilities and plan to meet with them next week to discuss it further.

Meanwhile, I continue reading the Malware Analyst's Cookbook in my spare (ha!) time. Kudos to Michael Hale Ligh, Steven Adair, Blake Hartstein and Matthew Richard for creating this excellent book. I'm only up to chapter 7 at this point, but I'm finding it very interesting indeed. I like the writing style, and the exercises and examples are very well done. I do wish I had a background in programming, especially JavaScript and Python, just so I would better understand some things I've read so far. However, the way the book is written helps make up for my lack of programming knowledge.

Finally, I repaired my sister's computer recently when it had a rogue defrag program on it. This is similar to the rogue antivirus programs, but instead of bogus virus infection reports, the rogue defrag pretends to scan your hard drive and finds all sorts of dire problems with the drive and the file system. What it's really doing during the "scan" is installing itself to your hard drive, complete with a program group in the All Programs listing and icons. They only want $80 to register the defrag so it can fix the physical errors on your hard drive...what a deal!

Prior to starting the removal process, I imaged RAM using windd and then imaged the hard drive. I created a Super Timeline from the drive image, though I haven't had sufficient time since doing it to really look it over. I also used the excellent Volatility Framework to look at the memory image. I was able to find some interesting info in that, which I'll detail in a near-future blog post, along with other details of the malware I found. But for now, it's late and I'm tired, so I'm ending this post here. I hope everyone has a great Thanksgiving!
