Thoughts, musings, knowledge, etc. about digital forensics. As well as how computer science, IT (information technology) and IS (information security) relate.
This is the fourth part of the installment on self replicating software. This post deals with worms (a subset of computer viruses).
Briefly, a computer virus is a program that infects other programs with an optionally mutated copy of itself. This is the basic definition that Fred Cohen (the “father” of computer viruses) used in [...]
Here are two small tools to help debug/analyze shellcode. The goal of both tools is to provide an executable environment for the shellcode. Shellcode is usually intended to run in the context of a running process, and by itself doesn’t provide the environment typically provided by an executable.
The first tool, make_loader.py is a [...]
Welcome to the new Forensic Computing blog (forensicblog.org). The old site (forensiccomputing.blogspot.com) is no longer active, although I will keep it up for archival purposes. I’m no longer on blogger, instead this is a self-hosted Wordpress installation.
I’ve noticed there is a fair amount of confusion about how forensics tools work behind the scenes. If you’ve taken a course in digital forensics this will probably be “old hat” for you. If on the other hand, you’re starting off in the digital forensics field, this post is meant for you.
There are two primary [...]
