Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Notable Tidbits

Published: 2006-08-28
Last Updated: 2006-08-28 23:10:18 UTC
by Robert Danford (Version: 1)
0 comment(s)
Notable updates for today:
http://liveview.sourceforge.net/

"Live View is a Java-based graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk. This allows the forensic examiner to "boot up" the image or disk and gain an interactive, user-level perspective of the environment, all without modifying the underlying image or disk. Because all changes made to the disk are written to a separate file, the examiner can instantly revert all of his or her changes back to the original pristine state of the disk.
The end result is that one need not create extra "throw away" copies of the disk or image to create the virtual machine."

Live View is capable of booting

    * Full disk raw images
    * Bootable partition raw images
    * Physical Disks (attached via a USB or Firewire bridge)

Containing the following operating systems

    * Windows XP, 2000, 2003, NT, Me, 98
    * Linux (limited support)
[source: liveview site]

http://ssdeep.sourceforge.net/ (Came across while browsing Richard's excellent aggregate site http://www.bloglines.com/public/TaoSecurity)
Uh context triggered piecewise hashes. Makes my head hurt. But you'll like it if you need to compare closely related files (polymorphic malware samples maybe?)
Here's a greaqt interview. http://cyberspeak.libsyn.com/index.php?post_id=115142
This is way beyond me too http://dbacl.sourceforge.net/


Keywords:
0 comment(s)
Diary Archives