REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Here is how to install the REMnux virtual appliance using common virtualization tools, such as VMware and VirtualBox, thanks to the Open Virtualization Format (OVF/OVA).
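Before importing a malware-analysis appliance, the checksum the project publishes alongside the OVA should be verified, since a tampered appliance would sit in the middle of every analysis done on it. The following is an added example and not part of the REMnux project's own instructions; the OVA path, the expected digest and the use of `VBoxManage import` (VirtualBox) are assumptions, and a VMware user would substitute `ovftool`.

```shell
#!/bin/sh
# Added example (not REMnux project code): refuse to import an OVA whose
# SHA-256 does not match the value published by the project.
# The path and digest below are placeholders the reader supplies.

# verify_ova <ova-path> <expected-sha256-hex>
# Returns 0 when the file's SHA-256 equals the expected digest, 1 otherwise.
verify_ova() {
    ova="$1"
    expected="$2"
    actual=$(sha256sum "$ova" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# import_ova <ova-path> <expected-sha256-hex>
# Verifies the digest first; only a matching file is handed to VirtualBox.
import_ova() {
    ova="$1"
    expected="$2"
    if ! verify_ova "$ova" "$expected"; then
        echo "checksum mismatch for $ova, refusing to import" >&2
        return 1
    fi
    # VirtualBox import; for VMware use: ovftool "$ova" <target-directory>
    VBoxManage import "$ova"
}

# Example invocation (placeholders, assumed):
# import_ova remnux.ova <sha256 published on the REMnux download page>
```

The digest is compared as an exact string, so a truncated or partially matching value fails closed; the import step is never reached on a mismatch.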
In this interview, Jake Williams discusses his perspective on the various approaches to reverse-engineering malware, including behavioral, dynamic and static analysis as well as memory forensics. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course.
In this interview, Jake Williams shares advice on acting upon the findings produced by the malware analyst. He also clarifies the role of indicators of compromise (IOCs) in the incident response effort. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course.
We are pleased to report the successful introduction of AccessData's Forensic Toolkit (FTK) v4 into the SANS FOR408 course (Computer Forensic Investigations - Windows In-Depth). While students have access to well over a hundred free and open-source tools during the course, we also felt it important for them to gain an understanding of the capabilities of commercial tool suites. No single tool can accomplish everything during a forensic examination, but in many cases a forensic suite can greatly speed up case processing and analysis. Hence, commercial tools like Guidance Software's EnCase, Magnet Forensics' Internet Evidence Finder, and AccessData's FTK are all part of...
This week's Digital Forensic Case Leads takes us around the world, from a possible Anonymous warning in Latin America to the report that the Chinese government may be building backdoors into networks across the globe. In the last few weeks there have been many announcements about the use of Near Field Communication (NFC) in the next generation of smartphones and tablets from all the major platform makers. Most of the press has focused on digital wallets, but many believe we will see NFC used for multi-factor authentication, physical access control, and more. If that happens, look for NFC to be a factor in DFIR. Since NFC is an RFID-based technology, be sure to read the paper co-authored by Dr. Hal Berghel on RFID security in this week's Good Reads.
- Registry Decoder 1.3 has been released. Registry Decoder,