Saturday, January 17, 2009

New and interesting things

A couple of very interesting things have come about lately; in particular, Brendan has released some new Volatility modules for extracting Registry hives from memory dumps! Very cool stuff! From his post, not only has Brendan done a fantastic job extracting the data, but he's looking ahead to integrating RegRipper into this in order to perform analysis!

Also, don't forget about Brendan's moddump.py and threadqueues.py modules!

Matt Shannon introduced me to Peter Mercer yesterday, and pointed me toward Intella, which looks like a fantastic product. Peter also mentioned the tool here (holy GUI, Batman!), and looking at its capabilities, it's not just a PST/NSF file parser.

Over on the Security Ripcord blog, Don Weber has worked up a variant of Yara called "Scout Sniper"...if you know or have met Don, that makes complete and total sense. Don's done some great work with the tool; you should definitely take a look.

In addition to Intella, I will be taking a look at a couple of other tools shortly. John Sawyer left a comment on one of my blog posts that includes a press release from HBGary about their FastDump Pro tool; it's one you should really take a look at.
