SANS ISC: Some interesting reading for a snowy Saturday

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

As I sit here during the first Blizzard Warning in central Ohio in 10 years, I was looking through some of the articles I've clipped to read when I had the time and it looks like I may have the time this weekend.  While I was at it, I figured I'd share with the rest of you.  I'm also working on a couple of scripts that should be ready for public release in a week or two, but I'll post another story when they are ready to go.  So, here, in no particular order are some interesting articles for your reading pleasure.

• Andreas Schuster has been doing a series on his blog on forensic acquisition.  I recommend the entire series, but I especially liked this one from last month on acquisition via Firewire.
• Also, for the malware analysts out there, there is this story on Offensive Computing that has a nice demo of automated unpacking with OllyDbg.
•  We've done stories before asking for your suggestions on useful tools, but Harlan Carvey had these two stories on his blog on useful forensic tools and in the second, pointed out this paper by Richard Austin from Kennesaw State University.
• And speaking of useful tools, Jesse Kornblum as released dc3dd.  He announced it here and has a writeup about it here.  As with dcfldd, this tool does on-the-fly piecewise hashing but can track the changes in the GNU version of dd more quickly.
• Speaking of Jesse Kornblum, if you haven't read his paper on context-triggered piecewise hashing, you should.  I'm a big fan of ssdeep.