
New tool could help computer forensics move off the disk and into memory








http://gcn.com/articles/2009/07/29/black-hat-briefings-memory-forensics.aspx 

By William Jackson
GCN.com
July 29, 2009

LAS VEGAS - Tools such as Metasploit’s meterpreter for the automated
delivery of stealthy payloads are making it more difficult for 
researchers to find out after the fact exactly what happened to an 
exploited computer.

Meterpreter can let an attacker upload malware files to a computer that 
do not touch the disk, which is where traditional forensics tools look 
to find evidence of malicious activity.

“Meterpreter breaks all disk forensics,” said Peter Silberman, an
engineer at Mandiant Inc. So researchers now are looking into memory for
evidence of wrongdoing. “This is a new frontier in forensics analysis.”

Silberman and Stephen Davis, a Mandiant security consultant, 
demonstrated a new memory analysis tool Wednesday at the Black Hat 
Briefings security conference. By examining traces of memory that can 
remain resident on a computer for surprisingly long times, they can find 
evidence of malicious activity that is not visible elsewhere.

[...]


