Andrew Hay

October 31, 2009
by Andrew Hay

Passed GIAC Advanced Filesystem Recovery and Memory Forensics Test

I sat down this afternoon and passed my GIAC Advanced Filesystem Recovery and Memory Forensics Skills Test and Report (STAR) test. I took the SANS Security 526: Advanced Filesystem Recovery and Memory Forensics course while at SANS Network Security 2009 in …

October 27, 2009
by Andrew Hay

Installing log2timeline on SIFT – Updated Instructions for Ease of Use

If you use the SANS Investigative Forensic Toolkit (SIFT) Workstation for your forensic analysis, you can easily add log2timeline to your VMware guest image. In order to get these files using the wget, yum, and cpan methods you must ensure …

October 27, 2009
by Andrew Hay

Books I’ll be Reading This Fall…

Thanks to Syngress, and their great discounts lately, I have a full forensic library to read through this fall (and probably through the winter). Also, I blame Rob Lee for my newfound love of forensics. Here are some of …

October 26, 2009
by Andrew Hay

Featured on Tenable Network Security Podcast

Thanks to Paul Asadoorian, I was interviewed for the Tenable Network Security Podcast about University security and my recent SecTor blog post that caused such a stir. If you’re here at my site, wanting to know the story behind what …

October 26, 2009
by Andrew Hay

links for 2009-10-26

Tenable Network Security: Tenable Network Security Podcast – Episode 9 Hey, look…it's me! (tags: podcast hay)

Detecting Malice eBook – Fraud Loss Prevention Robert "RSnake" Hansen just released his new eBook entitled "Detecting Malice". Buy it now! "Who are you …

October 22, 2009
by Andrew Hay

links for 2009-10-22

Free download turns BlackBerry into remote bugging device • The Register (tags: remote listening bug blackberry)

WinDump Color Highlighting PowerShell Script » Windows (In)Security (tags: windump sniff.psl powershell)

China Expands Cyberspying in U.S., Report Says – WSJ.com (tags: china cyberwar)

…

October 21, 2009
by Andrew Hay

Metasploit Project Acquired by Rapid7 a Good Thing

In case you haven’t already heard from the numerous other sources, HD Moore’s Metasploit project has been acquired by Rapid7 and he has joined the company as their CSO. A lot of people see this as a bad move but …

October 14, 2009
by Andrew Hay

Security Vendor Illegally Collects and Displays Attendee Information at Security Conference

Delivering a black eye to SecTor, the annual IT security conference held in Toronto, Ontario, Canadian security vendor eSentire admitted to collecting and displaying attendee information from what attendees thought was a secured network. With the full consent of conference …

October 2, 2009
by Andrew Hay

links for 2009-10-02

Wireless Network Signals Produce See-Through Walls | Threat Level | Wired.com I can't help but think SWAT would love to have something like this for pre-breach analysis. (tags: wireless walls)

SecuriTeam Blogs » Microsoft Security Essentials review Will 'free and …