The basics of how programs are compiled and executed

January 11, 2007

Well, the post “The basics of how digital forensics tools work” seemed to be fairly popular, even getting a place on Digg. This post is focused on the basics of how a program gets compiled and loaded into memory when the program is executed. It’s useful for code analysis (reverse engineering), and is aimed at [...]

Read the full article →

Digital forensics in a comic

January 10, 2007

I saw this the other day. Hmmm… sifting through lots of data to find specific pieces of information, I think I see an interesting application for this… http://xkcd.com/c208.html

Read the full article →

Self replicating software – Part 4 – The difference between worms and viruses

December 29, 2006

This is the fourth part of the installment on self replicating software. This post deals with worms (a subset of computer viruses). Briefly, a computer virus is a program that infects other programs with an optionally mutated copy of itself. This is the basic definition that Fred Cohen (the “father” of computer viruses) used in [...]

Read the full article →

Two tools to help debug shellcode

December 24, 2006

Here are two small tools to help debug/analyze shellcode. The goal of both tools is to provide an executable environment for the shellcode. Shellcode is usually intended to run in the context of a running process, and by itself doesn’t provide the environment typically provided by an executable. The first tool, make_loader.py is a Python [...]

Read the full article →

Site move

December 16, 2006

Welcome to the new Forensic Computing blog (forensicblog.org). The old site (forensiccomputing.blogspot.com) is no longer active, although I will keep it up for archival purposes. I’m no longer on Blogger; instead, this is a self-hosted WordPress installation.

Read the full article →

The basics of how digital forensics tools work

December 3, 2006

I’ve noticed there is a fair amount of confusion about how forensics tools work behind the scenes. If you’ve taken a course in digital forensics this will probably be “old hat” for you. If on the other hand, you’re starting off in the digital forensics field, this post is meant for you. There are two [...]

Read the full article →

Digital Forensics Documentation

November 12, 2006

One aspect of digital forensics that is often overlooked by a number of folks is documentation. If you’ve ever taken a class in incident response or digital forensics, undoubtedly you’ve heard about the need to properly document your work. Really, the thousand-foot goal with documentation is to provide an audit trail of what actions you [...]

Read the full article →

What CSI does right

November 8, 2006

I was at a training class last year and the instructor made a good point about the TV show CSI (Crime Scene Investigation). While the actual techniques/methods/etc. the show uses may not always be accurate with respect to real life (some are, some aren’t), the characters do perform a lot of experiments. If you don’t [...]

Read the full article →

Deductive and Inductive reasoning

October 18, 2006

One thing that I see on a fairly regular basis is confusion between deductive and inductive reasoning. Both types of reasoning play different roles in investigations/forensics/science/etc. The difference between the two is sometimes hard to define. Here are two common definitions: 1. With deductive reasoning, the conclusions are contained, whether explicit or implicit, in the [...]

Read the full article →

Information Context (a.k.a Code/Data Duality)

September 27, 2006

One concept that pervades digital forensics, reverse engineering, exploit analysis, even computing theory is that in order to fully understand information, you need to know the context the information is used in. For example, categorize the following four pieces of information as either code or data: 1) push 0x6F6C6C65 2) “hello” (without the quotes) 3) [...]

Read the full article →