Friday, July 29, 2011

Cheat Sheets

Mark Morgan has a couple of intrusion discovery cheat sheets over on his blog. He has one for Windows XP Pro, Server 2003 and Vista, along with a separate one for investigating Linux machines. I really appreciate him taking the time to do these and make them available. I always enjoy seeing how people approach their investigations and adapting their methods to my work when possible. Lenny Zeltser also has some great Information Security cheat sheets over on his site.

My good buddy Joe Garcia has a review of Windows Registry Forensics over on the CyberCrime 101 blog. Nice job, Joe!

I've been beta testing a new tool called Registry Decoder for Windows Registry parsing and searching. Registry Decoder is being developed by Andrew Case and Vico Marziale over at Digital Forensics Solutions. It's plugin-based and has a nice search function as well. It's still in an early beta stage and not ready for prime time, but I can definitely see it will be a fine addition to my forensic toolbox.

I've been spending a lot of my off time studying for the Network+ exam and hope to take it in the near future. I've also taken the time lately to set up a couple of Untangle firewall/router machines, one at home and another for my employer. I'll be talking more about all of that later.


That's it for now. Everyone stay safe!

5 comments:

  1. Hey KP interesting stuff...good luck with the Network Plus!

  2. Thanks Doug! Did I hear correctly that you're coming home soon?

  3. The CheatSheets are no more. Can you contact your references and see if you could host them? I always love a good cheatsheet. Thanks.

  4. I'll see if I can find a way to contact him. Thanks for the heads up!
    KP

  5. Mark's blog will eventually be back, but for the time being his cheat sheets are available at this url: https://www.evernote.com/pub/markmorgan47/markmorgan47snotebook#b=da827f83-88a7-4e45-a450-ae5d32c27bec&n=942ca0ab-0f97-4afb-9b01-cc926ec345b7
