When my friend Didier Stevens contacted me last year to help him with a BruCON 5×5 project, I simply could not decline! Didier developed a framework to perform forensic investigations on Cisco routers. His framework is called NAFT (“Network Appliance Forensic Toolkit”). It is written in Python and provides a
Two days ago, I attended an event about “big data” (yeah, another buzz word) and how to use it for security purposes. One of the presented talks was very interesting and almost changed my mind about our best friends (or nightmare)… logs! When I’m talking about log management with customers,
I got a new company car. W00t! After the basic welcome-tour of the different options, I went deeper and reviewed the on-board computer configuration options. Today, modern cars integrate multimedia interfaces to manage information from several sources: GPS coordinates (past as well as present) Phone books synchronized from phones over
pcapr.net is a cloud (again!) service available for a while. Basically, it’s a repository of pcap (“packet capture”) traces uploaded by members. The packets are dissected and presented in a human readable form. Once inspected and indexed, a search engine helps you to find interesting traces using a simple syntax
As I wrote in a previous blog post, I went to the FIC2010 conference last week. One of the talks I attended was about the “2centre” initiative. 2centre (“2c” for “cc”) means “Cybercrime Centers of Excellence Network for Training, research and Education“. Those centers of excellence focus on law enforcement.
It was announced a few days ago: Microsoft COFEE has been leaked on the wild Internet! Microsoft COFEE stands for “Computer Online Forensic Evidence Extractor“. This “forensic swiss army knife” is available for free to police forces around the world to conduct official forensics investigations. Note: It’s reportedly illegal for
Back from a one-day trip to Amsterdam where I attended the “Secure Amsterdam Workshop 2009” meeting organized by ISC2. This year's topic was forensic IT investigations. The first speaker was Matthijs van der Wel from Verizon Business who reviewed the 2009 Data Breach Investigations Report. It was interesting to have
Sometimes during forensic investigations, it can be useful to recover deleted or temporary files transferred by users and/or processes with protocols like FTP or HTTP. Let’s see how to achieve this using pcap files! libpcap is an API which provides network packet capture facilities. Very common on Unix, there is
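The file carving described above, as an added example that is not part of the original post: a stdlib-only Python script that builds a small constructed pcap (an HTTP download split into several TCP segments, delivered out of order and with one retransmission), parses the Ethernet/IPv4/TCP headers itself, reassembles each flow by sequence number and carves the HTTP response body, i.e. the transferred file. All addresses, ports, the file name and the file content are constructed for the example; it does not call libpcap, only handles Ethernet captures, and stops at the first sequence gap rather than guessing at bytes missing from the capture.

```python
import struct
from collections import defaultdict

# ---- constructed sample capture (not real traffic) -------------------------

def _ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_packet(src_ip, sport, dst_ip, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame (PSH+ACK) carrying `payload`."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Classic little-endian pcap file, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

FILE_CONTENT = b"#!/bin/sh\n# constructed sample: the file the client downloaded\necho hello\n"
_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
             b"Content-Length: %d\r\n\r\n" % len(FILE_CONTENT)) + FILE_CONTENT
_REQUEST = b"GET /tools/run.sh HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n"   # hypothetical path
SERVER, CLIENT, ISN = ("10.0.0.1", 80), ("10.0.0.2", 40000), 1000
_segs = [_RESPONSE[i:i + 40] for i in range(0, len(_RESPONSE), 40)]
_frames = [build_packet(*CLIENT, *SERVER, 5000, _REQUEST)]
# Segment 1 arrives before segment 0, and segment 0 is retransmitted once.
for i in [1, 0, 0] + list(range(2, len(_segs))):
    _frames.append(build_packet(*SERVER, *CLIENT, ISN + 40 * i, _segs[i]))
SAMPLE_PCAP = build_pcap(_frames)

# ---- pcap parsing, TCP reassembly and HTTP carving --------------------------

def iter_pcap_packets(data):
    """Yield (timestamp, frame) for each record of a classic pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def parse_tcp_segment(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if ip[9] != 6:                      # not TCP
        return None
    total_len = struct.unpack_from("!H", ip, 2)[0]
    tcp_off = 14 + ihl
    sport, dport, seq = struct.unpack_from("!HHI", frame, tcp_off)
    doff = (frame[tcp_off + 12] >> 4) * 4
    payload = frame[tcp_off + doff:14 + total_len]   # drops Ethernet trailer padding
    return ".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport, seq, payload

def reassemble_streams(pcap_bytes):
    """Per unidirectional flow, put payloads back in sequence order.
    Keys on TCP sequence numbers so out-of-order segments and retransmissions
    are handled; stops at the first gap (bytes missing from the capture).
    32-bit sequence wraparound is not handled."""
    flows = defaultdict(dict)           # (src, sport, dst, dport) -> {seq: payload}
    for _ts, frame in iter_pcap_packets(pcap_bytes):
        seg = parse_tcp_segment(frame)
        if seg and seg[5]:
            flows[seg[:4]].setdefault(seg[4], seg[5])
    streams = {}
    for flow, segs in flows.items():
        buf, expected = bytearray(), None
        for seq in sorted(segs):
            chunk = segs[seq]
            expected = seq if expected is None else expected
            if seq < expected:          # overlaps data already copied
                chunk, seq = chunk[expected - seq:], expected
            if seq > expected:
                break
            buf += chunk
            expected = seq + len(chunk)
        streams[flow] = bytes(buf)
    return streams

def extract_http_body(stream):
    """Split an HTTP/1.x response into (headers, body), honouring Content-Length."""
    if not stream.startswith(b"HTTP/1.") or b"\r\n\r\n" not in stream:
        return None
    head, body = stream.split(b"\r\n\r\n", 1)
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    if b"content-length" in headers:
        body = body[:int(headers[b"content-length"])]
    return headers, body

def carve_http_responses(pcap_bytes):
    """Return {flow: body} for every reassembled stream carrying an HTTP response."""
    return {flow: parsed[1] for flow, stream in reassemble_streams(pcap_bytes).items()
            if (parsed := extract_http_body(stream))}

if __name__ == "__main__":
    for (src, sport, dst, dport), body in carve_http_responses(SAMPLE_PCAP).items():
        print(f"{src}:{sport} -> {dst}:{dport}: carved {len(body)} bytes")
```

To use it on a real capture, replace `SAMPLE_PCAP` with the bytes of a pcap file written by tcpdump or Wireshark; FTP data transfers are carved the same way once you know the data-channel ports, since the reassembled stream is the file itself.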