Robert Hensing, formerly of the MS PSS Security team and now with SWI, has started blogging again! This is great news, because Robert brings a wealth of experience and knowledge to the field of incident response and forensics. Also, due to his resources, he also brings a great deal of insight and detail to the things he investigates and shares with us.
For example, check out his most recent post involving web surfing activity found in the "Default User" directory (he also addressed something similar in his "Anatomy of a WINS Hack" post). What's interesting about this is that if you are using ProDiscover to examine an image, and you populate the Internet History View and find entries for "Default User", you've struck gold!
Robert tends to blog on a wide range of subjects, and his entries about Windows issues tend to be more technical and comprehensive than what you'll find on most sites. So, check it out and leave a comment...
2 comments:
Thanks. He hasn't done much in a while so I quit following his blog.
His new material is wonderful. I think he answered an issue that I have seeing where many network security tools, such as LanGuard, fail to function when scanning a Vista host.
Robert's always full of...good stuff! ;-)
Do you have more info about LanGuard and it's failure to scan a Vista host?
Post a Comment