Windows Registry Forensics, 2E
Presentation:

Okay, the book is out. At last! This is the second edition of Windows Registry Forensics, and this one comes with a good bit of new material. Chapter 1 lays out what I see as the core concepts of analysis, in general, as well as providing a foundational understanding of the Registry itself, from a binary perspective. I know that there are some who likely feel that they've seen all of this before, but I tend to use this information all the time. Chapter 2 is again about tools. I only cover available free and open-source tools that run on Windows systems, for the simple fact that I do not have access to the commercial tools. Some of the old tools are still applicable, there are new tools available, and some tools are now under license, and in some cases, the strict terms of the license prevent me from including them in the book. Hopefully, chapter 1 laid the foundation for analysts to be able to make educated decisions as to which tools they prefer to use. Chapters 3 and 4 remain the same in their focus as with the first edition, but the content of the chapters has changed, and in a lot of aspects, been updated. Chapter 5 is my answer to anyone who has looked or is looking for a manual on how to use RegRipper. I get that most folks download the tool and run it as is, but for my own use, I do not use the GUI. At all. Ever. I use rip.exe from the command line, exclusively. But I also want folks to know that there are more targeted and perhaps more efficient ways to use RegRipper to your advantage. I also include information regarding how you can write your own plugins, but as always, if you don't feel comfortable doing so, please consider reaching out to me, as I'm more than happy to help with a plugin. It's pretty easy to write a plugin if you can (a) concisely describe what you're looking for, and (b) provide sample data.

Now, I know folks are going to ask about specific content, and that usually comes as the question, "do you talk about Windows 10?" My response to that is to ask specifically what they're referring to, and very often, there's no response to that question. The purpose of this book is not to provide a list of all possible Registry keys and values of interest or value, for all possible investigations, and for all possible combinations of Windows versions and applications. That's simply not something that can be achieved. The purpose of this book is to provide an understanding of the value and context of the Windows Registry that can be applied to a number of investigations.

Thoughts on Writing Books

There's no doubt about it, writing a book is hard. For the most part, actually writing the book is easy, once you get started. Sometimes it's the getting started that can be hard. I find that I'll go through phases where I'll be writing furiously, and when I really need to stop for sleep, life, etc., I'll take a few minutes to jot down some notes on where I wanted to go with a thought. While I have done this enough to find ways to make the process easier, there are still difficulties associated with writing a book. That's just the reality. It's easier now than it was the first time, and even the second time. I'm much better at the planning for writing a book, and can even provide advice to others on how best to go about it and what to expect. At this point, after having written the books that I have, I have to say that the single hardest part of writing books is not getting feedback from the community. Take the first edition of Windows Registry Forensics, for example. I received questions such as, "...are you planning a second edition?", and when I asked for input on what that second edition should cover, I didn't get a response.

I think that from a 50,000 foot view, there's an expectation that things will be different in the next version of Windows, but the simple fact is that, when it comes to Registry forensics, the basic principles have remained the same through all available versions. Keys are still keys, deleted keys are still discovered the same way, values are still values, etc. From an application layer perspective, it's inevitable that each new version of Windows would include something new with respect to the Registry. New keys, new values, etc. The same is true with new versions of applications, and that includes malware, as well. While the basic principles remain constant, stuff at the application layer changes, and it's very difficult to keep up without some sort of assistance. Writing a book like this would be significantly easier if those within the community were to provide feedback and input, rather than waiting for the book to be published and then asking, "...did you talk about X?" Even so, I hope that folks find the book useful, and that some who have received their copy of the book find the time to write a review. Thanks.