Information Security News
mailing list archives
New tool could help computer forensics move off the disk and into memory
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 Jul 2009 05:16:24 -0500 (CDT)
http://gcn.com/articles/2009/07/29/black-hat-briefings-memory-forensics.aspx
By William Jackson
GCN.com
July 29, 2009
LAS VEGAS - Tools such as Metasploit’s Meterpreter for the automated
delivery of stealthy payloads are making it more difficult for
researchers to find out after the fact exactly what happened to an
exploited computer.
Meterpreter can let an attacker upload malware files to a computer that
do not touch the disk, which is where traditional forensics tools look
to find evidence of malicious activity.
“Meterpreter breaks all disk forensics,” said Peter Silberman, an
engineer at Mandiant Inc. So researchers now are looking into memory for
evidence of wrongdoing. “This is a new frontier in forensics analysis.”
Silberman and Stephen Davis, a Mandiant security consultant,
demonstrated a new memory analysis tool Wednesday at the Black Hat
Briefings security conference. By examining traces of memory that can
remain resident on a computer for surprisingly long times, they can find
evidence of malicious activity that is not visible elsewhere.
[...]