Incident Response

February 17, 2017 in Silly

Business is a world of words. Politics is a world of nuances. The very same principle applies to data analysis – strings are readable, and alternative strings are readable alternatively. Given the fact the alternative strings have never been paid attention to, I introduce a…

Go into a tech interview, especially one for operations or security, and you’re more than likely going to get an interview question like this: “What happens when you put a URL in the address bar of a browser and hit enter?” I’ve been on both ends of this question, asked…

Ahh January 4th. It’s that time of year to review 2016 and think about what’s coming in 2017. Let’s start by looking at what I kicked off 2016 with: A Year Later – 2016 Goals. Did I get it all done or fail miserably? Here is…

Here it is. After weeks of wondering if and how the United States Government might respond, the United States White House, State Dept, Treasury, and US-CERT have released information on and sanctions against the Russian government’s efforts to influence the United States elections. I…

From the New York Times: “Review: ‘Hamilton,’ Young Rebels Changing History and Theater” Give it a second, I’ll explain the Hamilton reference to DFIR, but for now let me share one of my favorite songs. Aaron Burr thinks Alexander Hamilton is a brash aggressive brute and believes Hamilton thinks him slow…

As much as I look forward to change sometimes, I am often hesitant to forego the familiar despite recognizing the risks of becoming too comfortable in the same job. Fortunately, I’ve come across an opportunity to take on a new role that matches all three professional objectives I defined for myself: Contribute towards advancing the…

VSCs

Not long ago, I blogged about a means for accessing files within VSCs, which was based on a tweet that I had seen. However, I could not get the method described in the tweet to work, nor could others. Dan/4n6k updated his blog post to include a reference to volrest.exe,…

I like to keep up on new tools that are discussed in the community, because they offer insight into what other analysts are seeing.  The DFIR community at large isn’t really that big on sharing what they’ve seen or done, and seeing tools being discussed is something of a "peek…

The best persistence mechanisms are those that are well documented. They work perfectly and are often compatible with many versions of Windows. Here’s a story of one. According to Microsoft’s […]

Source: Hexacorn Ltd @ January 26, 2017 at 05:16PM
