Presentation:

As 2015 draws to a close, so does my work on Windows Registry Forensics, 2E. My schedule has the manuscript completed just before the end of the year, and from what I've seen, the book itself is supposed to be available in April 2016. As it is, I got the final material in to the publisher yesterday, three weeks ahead of schedule.

Note
The OFFICIAL and ONLY location of RegRipper is the GitHub repository. Do not send me emails about the Google Code site, or about the Wordpress page. Please stop referring to the Wordpress site, and please stop referring others (i.e., your students) to that site.

Goals
What I hoped to do with this edition is spend much less time focused on the basics of the Registry (where the files are located and how to extract data from the Registry) and spend more time on data interpretation. I retained the basic material, as I think it's important to have that foundation before proceeding, but in chapters 3 and 4 I wanted to spend more real estate talking about how the available data needs to be interpreted correctly.

What it is
The second edition is a significant, albeit not complete, rewrite of the first edition. Some of the material remains the same because, quite frankly, it doesn't change. There's some new stuff in there (new keys/values, AmCache.hve, etc.), and some stuff has been updated. There is some discussion that includes new versions of Windows, and there are examples specific to Windows 8, 8.1, and 10. In this edition, I separated various Registry artifacts by category, in hopes that it would be easier to follow, or visualize. We'll see...

Throughout the book, as with my other books, I've used examples of how Registry analysis has had a significant impact on the analysis I've done. Unfortunately, most of the stories are from analysis I've done. Prior to starting the book, I held an online contest to see if folks from the community would be willing to send in little stories and vignettes about how Registry analysis had impacted their analysis; I offered a free copy of the book, once it was published, for any and all submissions that appeared in the book. I got one submission.

There is more content in this book that discusses using RegRipper. In fact, there's an entire chapter just on RegRipper. There is discussion of new plugins that I've written and added to the GitHub repository. In fact, here's a blog post that describes a couple of the ones I wrote and added to the repository; these plugins are meant to be run intentionally, and I did not add them to any of the profiles.

Speaking of new plugins, I'd like to ask that if you have a question about RegRipper, please do not post it to a forum first, because doing that makes it likely that you won't get an answer. Here's an example of a blog post where someone decided that RegRipper didn't do something, and instead of asking about it, just announced it. If there is something you'd like RegRipper to be capable of, please feel free to reach out to me first; most times that results in RegRipper being able to do just that, usually within a few hours.

What it is NOT
This edition is NOT a complete compendium of all possible Registry keys and values that may be of interest to an analyst, in part because, quite simply, I don't know everything. I did not address all devices that contain Windows Registry hives, for the simple reason that I could not; I do not have access to Windows phones or other devices that include hives. I do get those questions (i.e., "What about Registry files from ....?"), so I thought I'd just go ahead and answer them ahead of time. As for the rest of the questions, like "...did you cover this?" and "...did you talk about this?", you're SOL and missed your chance to get it included in the book, my friend. Sorry.

What's next
I've been thinking for some time now about a scanner, where I'd be able to point the tool at a mounted image or shadow volume, make a couple of simple choices, and have the tool spit out the data. I like the idea of basing this on artifact categories and an analysis matrix.

Resources
InfoSecInstitute - Registry Forensics