Tuesday, October 27, 2009


F-Response 3.09.05 is out! With this version comes "Compatible with Windows 7" status, as well as additional platform support (i.e., HP-UX and FreeBSD 7). If you haven't been watching Matt's product, all I can say is, you really need to be. Why? What does F-Response offer? As an incident responder, one of the biggest issues I've had to face is the lack of available data for analysis. This is most often due to the fact that the "victim" is woefully unprepared for those incidents that will, without question, occur. The short story here is that for relatively little expense, F-Response provides system owners and first responders (who should be the folks on-site) with the ability to quickly gather data so that the questions they do have (i.e., was the system infected/compromised, was sensitive data on the system, etc.) can be answered.

Thanks to JL, we should be looking for a new release of Volatility soon! JL's been doing a lot of great work documenting Volatility, as well.

A bunch of us will be at the NetWitness User Conference next week...I won't be speaking, but I will be there with my employer. This is a great product, and if you don't already know about it, you really should check it out. Richard Bejtlich of TaoSecurity fame, perhaps the preeminent NSM luminary, has blogged about NetWitness, albeit not recently. Maybe there's something on the horizon...we can only hope!

TrueCrypt 6.3 is out, with full support for Windows 7 and Mac OS X 10.6 Snow Leopard! If you're one of those folks who loves the MacBook hardware, and loves to have the ability to use both Mac OS X and Windows (via Boot Camp), then you now have the ability to protect sensitive (i.e., customer) data on both platforms.

Hey, did you know that this guy has been collecting screenshots from TweetMyPC? Looking at the archive, all of the screenshots are from this past summer (June through August), but still...probably a little more revealing than I'd like to have folks see! Reminds me of the site that used to be up a couple of years ago called "seewhatyoushare.com"...

Christa Miller had an excellent article posted on Officer.com regarding crime scene evidence that's being ignored. While specific to LE, my own experience tells me that this is also the case with IR activities, where first responders often don't recognize the value in certain devices or data. Also important these days, Christa raises the issue of evidence "in the cloud". I blogged about GMail Drive artifacts about 4 1/2 years ago, and it's good to see Christa bringing this sort of thing back into focus again.

There are some thought provoking posts over on the Cassandra Security site...give them a look and a read, leave your comments. At least one of the guys over there is a former Marine, like myself, and this guy...so that's a recipe for some interesting posts!

The Free Tools post is really taking off...if you've got something to add, please feel free to make a comment. Really. Just add a comment if you have a free tool for Windows systems that isn't already on the list.
