
DFSP # 018 - John the Ripper
Last episode I talked about using Cain to attack Windows LANMAN and NTLM hashes. Next we will discuss John the Ripper, Linux password files and rainbow tables.
20 Jun 2016, 24min

DFSP # 017 - Cracking Passwords with Cain
In the last episode I talked about PW psychology, an important part of operationalizing any PW cracking tool effectively. Face it, the math is against you so understanding a person's probable PW patte...
13 Jun 2016, 23min

DFSP # 0016 - Password Psychology
The next mini series will focus on open source password attack tools. There are some pay options out there, however, most IR teams do not have a need for it and disk forensic teams use it infrequently...
6 Jun 2016, 32min

DFSP # 015 - $UsnJrnl File
The $UsnJrnl is an artifact that logs certain changes to files in NTFS volumes. It is a great source of timeline information for malware/IR investigations, time stomping concerns and anti-forensics a...
31 May 2016, 13min

DFSP # 014 - Shimcache
In this episode I talk Shimcache, otherwise known as the Application Compatibility Cache. This registry key has existed since Windows XP and tracks executables on a system, making it a great source of ...
23 May 2016, 18min

DFSP # 013 - Windows 10 Artifacts
In this episode I cover something I have been intending to do for some time: a Windows 10 artifacts overview. Here, I explore some key artifact changes and what has stayed the same. Once I got into i...
16 May 2016, 24min

DFSP # 012 - Just-Metadata
This episode I talk Just-Metadata, a freely available tool that gathers data about IP addresses from publicly available resources. Check out Truncer's website to learn more. I put together my quick st...
9 May 2016, 14min

DFSP # 011 - PALADIN
This episode I talk about PALADIN from SUMURI. PALADIN is a modified “live” Linux distribution based on Ubuntu that simplifies various forensics tasks in a forensically sound manner via the PALADIN To...
2 May 2016, 24min


















