Comments on Windows Incident Response: Updated samparse.pl plugin
(comment feed, last updated 2024-03-19T07:46:20-05:00; 11 comments, newest first)

Yogesh (2016-02-11T01:03:11-05:00):
Harlan, good to know that it's been updated to include that information. You should also add this other bit: if it is an MS account, then the last logon date is not populated in the F value, and the tool output is therefore "Last Logon:Never" even when there have been logons. If it's an MS account, then "Never" should not be printed; instead it can say "not available".

H. Carvey (2016-02-05T08:45:06-05:00):
Thanks, Bill...and Semper Fi!

Anonymous (2016-02-05T08:16:14-05:00):
I really enjoy your writing and looking forward to this book. Thank you and Semper Fi!

H. Carvey (2016-02-04T16:00:39-05:00):
mustu...

"I couldn't make any possible sense of why one shouldn't compile the findings in the form of a book/blog?"

Apparently, this particular individual seems to think that no other organization has ever been breached, so saying something like, "...I was analyzing a system infected with PlugX..." would expose the breached company somehow...honestly, I don't know.

"Isn't that how we learn from each other?"

Good question...I honestly don't know. A very few folks in this industry talk about what they see or do, so I do not know. ;-)

randomaccess (2016-02-04T15:57:18-05:00):
Yeah, I'll see if I can find the complete paper. The author finished their degree a couple of years ago, so they probably didn't add too much on top of this.

mustu (2016-02-04T14:13:00-05:00):
I couldn't make any possible sense of why one shouldn't compile the findings in the form of a book/blog? Isn't that how we learn from each other? What's wrong in writing a new book based on new experiences?

H. Carvey (2016-02-04T07:39:05-05:00):
"It's unfortunate the author didn't pass on this information to tool developers"

Well, looking at the paper, it doesn't appear to be complete. There's no date, and the references page has "1.", and that's it. It may be a draft.

Also, I've found that many academic papers aren't aware of what FOSS tool authors are up to. For example, when I see papers, I don't often see that there's been an extensive literature search done. I guess it doesn't help when the instructors/professors themselves are out of date...I've been contacted by students at one particular school, asking me about updated information for RegRipper. Apparently, their professor was pointing them to a web site that was changed over two years ago. ;-(

randomaccess, http://thisweekin4n6.wordpress.com (2016-02-03T23:03:03-05:00):
I've done a little bit more research into this and found a paper confirming a number of things that I have found (or vice versa, since it was written before I started looking into it).

http://www.marshall.edu/forensics/files/Matts-Paper.pdf

It's unfortunate the author didn't pass on this information to tool developers.

ERZ (2016-02-03T12:55:59-05:00):
Looking forward to the new release Harlan!!

H. Carvey (2016-02-03T09:04:37-05:00):
@Anonymous,

"It's sad you have to even say this."

Perhaps, but based on my experience, however limited it may be, I felt that it was important to point this out.

As I said in the post, I was very recently told by someone that they were afraid to share information because they feared that I might create a new book based on the information. Never mind that they could not point to an instance where I'd actually done this.

Anonymous (2016-02-03T08:51:36-05:00):
"And I haven't exposed, nor have I shared any of that data."

It's sad you have to even say this. Thanks for everything you post for our community, your books, and your tool contributions.