Friday, May 23, 2014

Daily Blog #335: Saturday Reading 5/24/14

Hello Reader,
       It's Saturday, and after a long two weeks in Las Vegas it was back to the lab with expert reports and declarations waiting for me to write. If you are like me and recovering from your workload, it's time to keep up with the latest research to see how you can stay ahead of what's coming next. Time for more links to make you think in this week's Saturday Reading.

0. We launched the Triforce ANJP! Go check it out and buy a copy at http://www.gettriforce.com

1. The Forensic Lunch this week was live from CEIC, with a total of three shows! You can watch them here:

Day 1: http://hackingexposedcomputerforensicsblog.blogspot.com/2014/05/daily-blog-331-forensic-lunch-live-from.html
Day 2: http://hackingexposedcomputerforensicsblog.blogspot.com/2014/05/daily-blog-332-forensic-lunch-live-from.html

2. Brian Moran has been very, very busy this week. He not only sent in a guest post to my blog but also published 4 blog posts of his own.

The first is a write-up all about advanced analysis of the ZeroAccess rootkit and updates to his Windows response toolkit: http://brimorlabs.blogspot.com/2014/05/zeroaccess-windows-command-line-code.html

The next post is a three-part series about data exfiltration using Bluetooth and the analysis needed to detect it:
Part 1: http://brimorlabs.blogspot.com/2014/05/bluetooth-for-data-exfiltration-say.html
Part 2: http://brimorlabs.blogspot.com/2014/05/bluetooth-for-data-exfiltration-say_22.html
Part 3: http://brimorlabs.blogspot.com/2014/05/bluetooth-for-data-exfiltration-say_23.html

3. Sharon Nelson has a new blog post up covering a case involving a network engineer who decided to take down his old employer on the way out: http://ridethelightning.senseient.com/2014/05/network-engineer-sentenced-to-four-years-for-destroying-company-data.html. Read this to keep your Office Space dreams at bay.

4. Harlan has a new post up all about self-publishing your next book. If you are considering writing a book, please read Harlan's blog carefully and understand the level of effort involved. Once you've done so, carefully consider your next steps and what route to market you want to take:
http://windowsir.blogspot.com/2014/05/book-writing-to-self-publish-or-not.html

5. Adam from Hexacorn is back with part 12 of the "Beyond Good Ol' Run Key" series, this week with a focus on the Rover autostart mechanism: http://www.hexacorn.com/blog/2014/05/21/beyond-good-ol-run-key-part-12/

6. Ryan over at Obsidian Forensics has a new blog post up talking about the process of porting his Hindsight tool from Perl to Python: http://www.obsidianforensics.com/blog/python-version-of-hindsight-released/

7. Version 5 of REMnux has been released; the handy reverse-engineering distribution for malware analysts gets better: http://blog.zeltser.com/post/86508269224/remnux-v5-release-for-malware-analysts

8. A new release candidate for Plaso is out. Kristinn and team are asking that everyone test it and report any bugs they find. Get a copy here: https://googledrive.com/host/0B30H7z4S52FleW5vUHBnblJfcjg/1.1.0/RC1