Category: Incident Response

The Anonymous PR Guy and a Greece Connection

The Anonymous PR Guy and a Greece Connection

The PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris.

WinPE 3.0 & Forensics

WinPE 3.0 & Forensics

It is a common task for an investigator to boot a machine using bootable media in the form of DVD or USB and there are countless options available. This tutorial is not intended to replace your favorite Helix CD or preferred method, but you may find this analysis interesting if you are a Windows expert performing a forensics analysis.

Reactivating DECAF in Two Minutes

Reactivating DECAF in Two Minutes

The misinformation on DECAF being shut down and a hoax is alarming and the quality of reporting on this security topic actually worse than usual. Earlier tonight we noticed this update from @slashdot on Twitter: “DECAF Was Just a Stunt, Now Over”, along with this: “Anti-COFEE tool taken down & d/l’ed copies disabled.”. Ok, fair enough, releasing DECAF was a stunt according to its two creators. But then we saw this train wreck of an article by Nick Eaton, the Microsoft Reporter over at the Seattle PI Blogs. So now we’re going to respond, because the incorrect DECAF as a big hoax story, a tool that supposedly never worked, is propagating through the Intertubes. DECAF was a working tool that can be easily re-enabled, because the shut down appears to only be a call back to decafme.org that is now disabled, but is easily spoofed, and we’ll demonstrate how.

Forensics: Beverages Aside, A Look at Incident Response Tools

Forensics: Beverages Aside, A Look at Incident Response Tools

In November, Microsoft’s forensics tool called COFEE (Computer Online Forensic Evidence Extractor) was leaked on torrents for download. The news coverage was much hype about nothing, as many free tools already out there exceed COFEE in features and functionality.

Regular or Decaf? Tool launched to combat COFEE

Regular or Decaf? Tool launched to combat COFEE

About a month ago, there was much news about the release of COFEE into the torrent wild. I even gave my two cents about the much hyped forensics toolkit which is provided to law enforcement for the purposes of easily capturing volatile data from personal computers during evidence collection. A tool to counter COFEE, aptly […]

Taxonomy of Forensics Geeks

Have you met these types in the forensics forums, lurking in your blog comments, or anywhere else on the Intertubes: The Back-Door Man who knows that MSFT has stealth back doors in Windows, or the Man of Few Words with his pithy “One word: TrueCrypt” style comments? Happy as a Monkey breaks it all down […]

More COFEE Please, on Second Thought…

The forensics tool provided to law enforcement officials created by Microsoft called COFEE  (Computer Online Forensic Evidence Extractor) has been leaked on torrents last week, and this has caused quite a bit of excitement.  Let’s see if the big deal is warranted.

The ATM receipt.

Good morning, you owe us $887,180 dollars and 48 cents

When you are in security long enough, people in your daily life seem to seek you out when they have a problem that may be security related. This morning was one of those times, when a friend showed me her most recent ATM receipt in a panic.