The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books: "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Friday, September 29, 2006
New issue of the IJDE
The latest edition of the International Journal of Digital Evidence (IJDE) is out, and the most interesting article (for me, anyway) is Jesse Kornblum's "Exploiting the Rootkit Paradox with Windows Memory Analysis".
In the paper, Jesse makes some very simple, yet very important points that most folks probably don't think about when they're doing IR and decide that they've been infected with a rootkit; in particular, that rootkits want to remain hidden, and want to run.
Very interesting, and well worth the time it takes to read it. Enjoy!