Post Humorous (http://posthumorous.com): funny died. welcome to the wake. Contact: root@posthumorous.com. Copyright 2008 Post Humorous. Generated by GeekLog, Thu, 10 Jul 2008 18:02:37 -0500, en-us.

UNIX and Linux Forensic Analysis is out
Thu, 10 Jul 2008 12:20:00 -0500 | Forensics &amp; IR | http://posthumorous.com/article.php?story=2008071012201217

<a href="http://www.amazon.com/gp/product/1597492698?ie=UTF8&amp;tag=posthumo-20&amp;linkCode=as2&amp;camp=1789&amp;creative=9325&amp;creativeASIN=1597492698"><img width="500" height="500" src="http://posthumorous.com/images/articles/2008071012201217_1_original.jpg" alt=""></a>

The <a href="http://www.amazon.com/gp/product/1597492698?ie=UTF8&amp;tag=posthumo-20&amp;linkCode=as2&amp;camp=1789&amp;creative=9325&amp;creativeASIN=1597492698">book I co-authored</a> is available now. I can't say I'm 100% pleased with my portions - I was brought in late in the process and we ran way short on time. I think my parts are good, not great.
I'll be working on some more forensics/incident response texts in the future, so hopefully I'll have more time to polish up what I produce.

Regardless, you should buy it.

If you have any questions about the book or contents thereof, feel free to post or mail me.

Tags: forensics, unix, linux, book

PTK Beta Released
Thu, 05 Jun 2008 12:46:00 -0500 | Forensics &amp; IR | http://posthumorous.com/article.php?story=20080605124636994

The open beta for PTK started a few days ago.

You can fetch it up at <a href="http://ptk.dflabs.com/">DFLabs</a>.

Description from the site:

<i>"PTK is an alternative advanced interface for the suite TSK (The Sleuth Kit). PTK was developed from scratch and besides providing the functions already present in Autopsy Forensic Browser it implements numerous new features essential during forensic activity.
PTK is not just a new graphic and highly professional interface based on Ajax technology but offers a great deal of features like analysis, search and management of complex cases of digital investigation."</i>

Big improvements I've noticed over Sleuthkit since I've been playing with it:

<ul>
<li>Much, much improved GUI/user experience</li>
<li>Built-in indexing</li>
<li>Rocking graphical timeline feature</li>
<li>No auto-display of gigantic binary files upon initial click</li>
<li>Memory parsing (currently only of XP SP2 systems) courtesy of the <a href="https://www.volatilesystems.com/VolatileWeb/volatility.gsp">Volatility</a> plugin</li>
<li>Super-rad bookmarking feature</li>
</ul>

It's ridiculously easy to install on Ubuntu 8.04 Server (install the LAMP server, add a MySQL root user when prompted, download &amp; install PTK, then browse to http://$MYSERVER/ptk). I recommend you try it out so you can see what the cool kids are up to.

Argus 3.0 released
Tue, 20 May 2008 10:23:00 -0500 | Forensics &amp; IR | http://posthumorous.com/article.php?story=20080520102340329

This actually happened over a month ago, but I managed to not notice until now, thanks to a near absence of downtime.

<a href="http://article.gmane.org/gmane.network.argus/5961">Argus 3.0 release announcement</a>

If you're not aware of Argus, it's an excellent tool to use during both proactive and reactive network monitoring. I use it primarily in a response capacity - to turn packet captures into useful information very quickly.

The description from <a href="http://qosient.com/argus">the source</a>:

Argus is a fixed-model Real Time Flow Monitor designed to track and report on the status and performance of all network transactions seen in a data network traffic stream.
Argus provides a common data format for reporting flow metrics such as connectivity, capacity, demand, loss, delay, and jitter on a per-transaction basis. The record format that Argus uses is flexible and extensible, supporting generic flow identifiers and metrics, as well as application/protocol specific information.

Argus can be used to analyze and report on the contents of packet capture files, or it can run as a continuous monitor, examining data from a live interface and generating an audit log of all the network activity seen in the packet stream. Argus can be deployed to monitor individual end-systems, or an entire enterprise's network activity. As a continuous monitor, Argus provides both push and pull data handling models, to allow flexible strategies for collecting network audit data. Argus data clients support a range of operations, such as sorting, aggregation, archival and reporting. There is XML support for Argus data, which makes handling Argus data a bit easier; see ArgusRecord.xsd.

<a href="http://qosient.com/argus/src/">You can download Argus here.</a> It should build on pretty much any Unix you've got floating around, and the client apps will build and run in <a href="http://www.cygwin.com/">Cygwin</a>. If there is interest, I'll do a full writeup on building and using Argus client apps in an incident response capacity.

News from my old stomping grounds
Mon, 19 May 2008 14:45:00 -0500 | Weird | http://posthumorous.com/article.php?story=20080519144525188

Been a while since I read <a href="http://www.valleywag.com">ValleyWag</a>... probably since I left Google.
I'm at IBM now, though, and VW routinely makes fun of our ridiculous <a href="http://www.encyclopediadramatica.com/Second_Life">Second Life</a> initiatives (seriously, how many furries are buying iSeries?*) so I decided I should start keeping up again. I ran across this gem:

<b><a href="http://valleywag.com/390938/orkut-inventor-may-be-best-argument-against-h+1b-visas-yet">Orkut inventor may be best argument against H-1B visas yet</a></b>

Stay beautiful!

* This is perhaps a question that is best left unanswered.

New Nine Inch Nails album. Already. And it's free.
Mon, 05 May 2008 22:46:00 -0500 | General News | http://posthumorous.com/article.php?story=20080505224636321

Looks like Trent may actually just be in this for the music. Trent Reznor dropped a <a href="http://theslip.nin.com">new album</a> on us today, and I must say that I'm enjoying it. While it's definitely not his best work (I'll leave that honor to the Broken EP, and I'm going song for song here), it is still very enjoyable, particularly to those who enjoyed his last 2 ventures (not including Ghosts). It definitely has elements of both, mainly in style; imagine a harder, more cohesive version of With Teeth (my least favorite NIN album, though it has grown on me), particularly the vocals, with some of the breakbeatiness of Year Zero (one of my favorite albums of all time*) tossed in for good measure. Portions almost have a <a href="http://en.wikipedia.org/wiki/Trip_hop">trip-hop</a> sound to them, which I thoroughly enjoyed. And for the asking price (US $0) you can't go wrong, since the only thing that is required is that you give them an email to send the download link.
And as we all know, anyone on the internet (with the exception of most grandmothers, invalids, and rural Americans) has the address they actually use, and the one they use for bonerpill offers and Nigerian bank scams. While there's not necessarily a reason to use the latter for the download link, having one does preclude you from using paranoia as your out on this.

True to form, Trent has followed the same path he did with Year Zero and is encouraging fans to <a href="http://remix.nin.com/">remix the album</a>. I've had fun <a href="http://remix.nin.com/member/ruiner314">remixing</a> several of the songs from Year Zero, and if you have either Ableton Live or GarageBand, and some free time and a love of creating music, give it a try. It sure beats jerkin' it to internet porn for the 5th time in a day, and you may just find you have some undiscovered talent that is acceptable in public.

* If you haven't figured this out yet: YES, I am a NIN fanboy, and no, I don't include Pretty Hate Machine on my list of cumsplosively awesome albums. It's a capable album that had some good tunes, and I'm glad it provided enough encouragement for Trent to keep making good albums.
Zombie Strippers
Fri, 25 Apr 2008 11:21:00 -0500 | Zombies | http://posthumorous.com/article.php?story=20080425112111132

<a href="http://www.sonypictures.com/movies/zombiestrippers/index.html">Zombie Strippers</a>

wow

wow just wow

It looks like it might have too high of a budget to be sucky enough to be enjoyable.

I call it the "Snakes On A Plane" effect.

<a href="http://posthumorous.com/images/articles/20080425112111132_1_original.jpg"><img width="480" height="360" src="http://posthumorous.com/images/articles/20080425112111132_1.jpg" alt=""></a>

For movies that *ARE* low budget enough to escape the Snakes On A Plane curse of mediocrity, check out 2005's <a href="http://www.imdb.com/title/tt0448177/">The Wickeds</a> (starring <a href="http://www.imdb.com/name/nm0000465/bio">The Hedgehog</a>) and <a href="http://www.imdb.com/title/tt0411806/">Return of the Living Dead: Rave to the Grave</a> (also 2005 - a banner year for <a href="http://us.imdb.com/title/tt0121766/">absolute shit</a>, apparently).

<i>The Wickeds</i> stars Ron Jeremy as one half of a grave robbing team. Their grave robbing triggers some curse, and zombies attack a farmhouse full of teenagers. As these are the "Rise From the Dead" class of zombies, the most unsettling thing about the movie is the shabby state of burial garb many of the zombies showcase - ripped band T-shirts, jean shorts, nothing at all, etc.

<i>Return of the Living Dead: Rave to the Grave</i> is one of those movies where you have to say the entire title, EVERY TIME, like <a href="http://www.youtube.com/watch?v=01l1WIC9mBo">Death Bed: The Bed That Eats People</a>.
The plot revolves around a college chemistry major who is also a small-time party drug manufacturer - pretty standard fare so far. Unfortunately, he creates a new drug, 'Z' (see the foreshadowing?), using the contents of a biohazard canister he found in a ditch, or something (it's been a while). Fans of the ROTLD series will instantly recognize the canister as the source of the trioxin gas which creates the ROTLD-class zombies that originated the oft-reused line "BRAAAAAAAAAAAAINS."* Hijinks ensue (at a rave). (To the grave.)

* <a href="http://www.imdb.com/name/nm0001681/">Romero's zombies</a> were not picky eaters, and showed no penchant for any particular cut of human.

FIRST POST
Thu, 24 Apr 2008 16:54:00 -0500 | General News | http://posthumorous.com/article.php?story=20080424165413309

Welcome to my blog... web... thing.

One of my New Year's resolutions was to jump on early 2000s bandwagons, so I will be forwarding virus hoaxes and <a href="http://www.albinoblacksheep.com/flash/banana">Banana Dance</a> to everyone who's ever had the misfortune of mailing me. Additionally, I will be blogging infrequently. I'm not interested in one thing enough to have a blog dedicated to a particular topic (unlike my hard-working brothers-in-forensics you may have noticed in the Links section), so this will be a grab bag. So if you are just interested in forensics and incident response, and hate game news, tough shit.*

Because I'll be talking about whatever I find interesting at the time. It'll mostly be talking about forensics &amp; incident response (since that's what I do for a living) and electronic gaming (since that's what I do for fun). I may even have special guest bloggers for your enjoyment.
EXCITING TIMES, EH, FRIENDO?

PS I also curse like a sailor.

PPS IRL too, it's quite a problem.

* It's not that tough, really - I mean you could just subscribe to stories posted in the Forensics topic. Show some initiative.
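Addendum to the Argus post above. The quoted description says Argus collapses a packet stream into one record per network transaction, with per-direction counts, timing and a transaction state, and the post says that is what makes it useful for turning a capture into answers quickly. The block below is an added example, not Argus's own code, that performs that aggregation in miniature over a constructed packet list so the shape of a flow record is visible without installing anything. The packet tuples, field names and the REQ/CON/FIN-style state labels are this example's own, modelled loosely on Argus rather than taken from it. With the real tool the equivalent is to run argus over a pcap and read the result with the ra client (argus -r capture.pcap -w capture.argus, then ra -r capture.argus).

```python
"""Bidirectional flow aggregation over a constructed packet list.

Added example for the Argus post; this is not Argus code. It does in
miniature what a flow monitor does to a packet stream: fold packets into
one record per transaction with per-direction packet and byte counts,
timing, and a coarse state. The packets are constructed sample data and
the state names are only loosely modelled on Argus's REQ/CON/FIN.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed packets: (timestamp, proto, src, sport, dst, dport, bytes, tcp_flags)
PACKETS = [
    (1210000000.000, "tcp", "10.0.0.5", 51234, "192.0.2.10", 80, 60, "S"),
    (1210000000.020, "tcp", "192.0.2.10", 80, "10.0.0.5", 51234, 60, "SA"),
    (1210000000.021, "tcp", "10.0.0.5", 51234, "192.0.2.10", 80, 52, "A"),
    (1210000000.022, "tcp", "10.0.0.5", 51234, "192.0.2.10", 80, 412, "PA"),
    (1210000000.150, "tcp", "192.0.2.10", 80, "10.0.0.5", 51234, 1460, "PA"),
    (1210000000.151, "tcp", "192.0.2.10", 80, "10.0.0.5", 51234, 1460, "PA"),
    (1210000000.300, "tcp", "192.0.2.10", 80, "10.0.0.5", 51234, 52, "FA"),
    (1210000000.301, "tcp", "10.0.0.5", 51234, "192.0.2.10", 80, 52, "FA"),
    (1210000001.000, "udp", "10.0.0.5", 40000, "10.0.0.1", 53, 71, ""),
    (1210000001.004, "udp", "10.0.0.1", 53, "10.0.0.5", 40000, 135, ""),
    (1210000002.000, "tcp", "10.0.0.5", 51235, "192.0.2.99", 22, 60, "S"),  # never answered
]

FlowKey = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


@dataclass
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    stime: float          # first packet seen
    ltime: float          # last packet seen
    spkts: int = 0        # initiator -> responder packets
    dpkts: int = 0        # responder -> initiator packets
    sbytes: int = 0
    dbytes: int = 0
    fin: bool = False     # any FIN observed in either direction

    @property
    def dur(self) -> float:
        return self.ltime - self.stime

    @property
    def state(self) -> str:
        """Coarse transaction state, loosely after Argus's REQ/CON/FIN."""
        if self.dpkts == 0:
            return "REQ"  # one-sided: unanswered SYN, dead host, or a scan
        if self.proto == "tcp" and self.fin:
            return "FIN"
        return "CON"


def aggregate(packets) -> List[Flow]:
    """Fold packets into flows. The first packet seen defines the initiator;
    the reverse 5-tuple is matched back to the same flow."""
    flows: Dict[FlowKey, Flow] = {}
    for ts, proto, src, sport, dst, dport, nbytes, tcpflags in packets:
        fwd: FlowKey = (proto, src, sport, dst, dport)
        rev: FlowKey = (proto, dst, dport, src, sport)
        if fwd in flows:
            flow, forward = flows[fwd], True
        elif rev in flows:
            flow, forward = flows[rev], False
        else:
            flow, forward = Flow(proto, src, sport, dst, dport, ts, ts), True
            flows[fwd] = flow
        flow.ltime = max(flow.ltime, ts)
        if forward:
            flow.spkts += 1
            flow.sbytes += nbytes
        else:
            flow.dpkts += 1
            flow.dbytes += nbytes
        if "F" in tcpflags:
            flow.fin = True
    return list(flows.values())  # dict preserves first-seen order (Python 3.7+)


def unanswered(flows: List[Flow]) -> List[Flow]:
    """Response-side triage: flows where nothing ever came back."""
    return [f for f in flows if f.dpkts == 0]


def record(f: Flow) -> str:
    """One line per flow, in the spirit of what an Argus client prints."""
    return (f"{f.stime:.3f} {f.dur:7.3f} {f.proto:4} {f.src}:{f.sport} -> "
            f"{f.dst}:{f.dport} {f.spkts:>3}/{f.dpkts:<3} pkts "
            f"{f.sbytes:>6}/{f.dbytes:<6} bytes {f.state}")


if __name__ == "__main__":
    flows = aggregate(PACKETS)
    for f in flows:
        print(record(f))
    print("unanswered:", [f"{f.dst}:{f.dport}" for f in unanswered(flows)])
```

The constructed capture holds a complete HTTP exchange, a DNS lookup and one SYN that was never answered; aggregate() returns three records, and unanswered() pulls out the last one, which is the kind of quick cut (who tried to talk to what and got nothing back) that the post has in mind when it talks about turning a capture into useful information. Real traffic needs timeouts to close idle flows and a rule for re-used ports, both of which Argus handles and this toy does not.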