Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

[Security Weekly] Forensic Analysis of Anti-Forensic Activities
From: Andrew Case <atcuno () gmail com>
Date: Thu, 30 Jan 2014 12:12:24 -0600

At Shmoocon this year an anti-forensics tool was released that created
fake artifacts in memory of compromised systems. The purpose of the
tool was to mislead memory forensics investigators into thinking the
faked/decoy artifacts were real and to draw conclusions based on them.

In response to this, Jack Crook did a forensics analysis and follow up
blog post showing a number of ways that not only can the malicious
tool be found in memory, but also disproving the created fake
artifacts.

It is really nice read in terms of memory forensics power and fighting
anti forensics:

http://blog.handlerdiaries.com/?p=363
_______________________________________________
securityweekly mailing list
securityweekly () mail securityweekly com
http://mail.securityweekly.com/cgi-bin/mailman/listinfo/securityweekly
Main Web Site: http://pauldotcom.com


  By Date           By Thread  

Current thread:
  • [Security Weekly] Forensic Analysis of Anti-Forensic Activities Andrew Case (Jan 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]