Evernote Share for Forensics – Legal

I was able to get most of my legal notes organized. Every case law mentioned should have a corresponding link to an archived copy, available within the Evernote share. Some archived links required uploading a PDF. Hopefully it all came together in a useful way.

While the web links are OK, if you have the Evernote client installed, you can link these to your account by clicking the “Link to my Account” button in the top right. It makes reading and navigating much more enjoyable.

The previous article had an error in the Forensic – Windows link and has been fixed.

Forensics – Legal

Playing catchup

It has been a while since I’ve posted. There have been a number of articles that I’ve wanted to publish, but each has had an issue. I’ll address two for now.

The Forensic Intelligence script, as I originally conceived it, has been abandoned. The script was a wrapper for Nirsoft tools. As I was writing the script, everything appeared to be checking out in that I was getting results. Unfortunately, those results were of my own machine and not of the mounted image file. A few of the tools do not support the command line and even more are inconsistent in their implementation, meaning the reports wouldn’t be as polished as I had hoped. Combining these two issues, I’ve stopped work on this project.

The Evernote post and forensic note sharing is another story. For a long time, I struggled with how to present my notes to the community. David Gold reached out after I mentioned his book on G+ and I ran across this after some of his linked articles: “It’s your system, and no one else will be using it. It only needs to make sense to you.” In this whole process, I forgot that first and foremost these are my notes that I’ve accumulated or written over time. I’m only sharing that and with it my organization (madness). Without further ado …

I have not included a few notes since they include personal information or sensitive materials (LES/FOUO). I do have a Legal notebook that I’d like to share in the near future, but I have to clean up the content quite a bit. The above notebooks will be heavily changed with topics broken out more, but I really wanted to get this out there. I’m not expecting much feedback or use out of it, but I think it’s a shame how little our community shares. Hopefully this will help break some of that resistance at a bare minimum.

Any suggestions and feedback would be greatly welcomed. There is a ton of content and resources out there. It is impossible to find and archive it all, but I’ve found that some stuff is just hard to find if you don’t save it. That is my goal and I do hope you find a use for it.

The Day of SOPA Protests

Hitler reacts to SOPA:

World of Warcraft Macros – Companion Count

For the pet and mount collectors out there, here is a macro I learned of from Drey; it’s short and sweet.

/run print ('Mounts: ' .. GetNumCompanions("MOUNT") .. ", Pets: " .. GetNumCompanions("CRITTER"))

Forensic Intelligence

In the past two years since beginning forensic work, I have wanted to convert my incident response scripts to a system that could do much of the grunt, preview work for me; particularly, getting browser history dumps and basic registry information for report writing. I have also wanted to give PowerShell a whirl. Unfortunately (not surprising), I discovered that PowerShell is not a flexible way to distribute scripts. It is amazingly good for IT work.

That said, I want to go ahead and upload the PowerShell version. While it is rough and only supports one external call, it should give a clear idea how the new version will function. Hopefully someone will also find the code useful. I do look forward to Harlan Carvey releasing his forensic scanner.

Forensic Intelligence: forint.ps1

Whole Lotta Passwords

It seems that every time the topic of password cracking comes up, there is a question that quickly follows: “do you have a dictionary?” There are a number of websites that maintain lists of default passwords for equipment. Two that seem to receive a bit of attention are SearchLores and Liquid Matrix. However, Skull Security took things a bit further and have provided links to various leaked databases that have appeared in the last year. These are real passwords used at live sites.

I decided to take all three and combine them into a single master list. I have also included the leaked account names from the recent #OpDarknet. While not passwords, these account names are descriptive for a particular niche lending to the possibility that they may also be passwords. Either way, they are included. If someone believes there is a better way to distribute this, please comment. The original files are separated, but were consolidated for this post.

The file WholeLottaPasswords.7z weighs in at 36.6 MB compressed and 150 MB uncompressed. It contains 14,504,798 unique lines. Enjoy.

As a counter-point to this article, if you find yourself using the same password at multiple sites, weak passwords, or you find your password in this list … you may want to read Password Management.
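One way to run the check suggested above against the extracted list, as an added example that is not part of the original post. The extracted file name `WholeLottaPasswords.txt` and the function names are assumptions; the password is read with `getpass` so it never appears in shell history or on screen.

```python
import getpass
import sys


def candidate_encodings(candidate, encodings=("utf-8", "latin-1")):
    """Encode the candidate each way it could appear in a mixed-encoding dump."""
    needles = set()
    for enc in encodings:
        try:
            needles.add(candidate.encode(enc))
        except UnicodeEncodeError:
            pass  # not representable in this encoding, so it cannot match
    return needles


def find_in_wordlist(candidate, wordlist_path):
    """Return the 1-based line number of the first exact match, or None.

    The list is compared as raw bytes: consolidated leak dumps mix encodings
    and are not guaranteed to decode as UTF-8. Only the line terminator is
    stripped, because leading or trailing spaces can be part of a password.
    """
    needles = candidate_encodings(candidate)
    with open(wordlist_path, "rb") as fh:  # streamed, so memory use stays flat
        for lineno, raw in enumerate(fh, start=1):
            if raw.rstrip(b"\r\n") in needles:
                return lineno
    return None


if __name__ == "__main__":
    # Assumed name of the extracted list; pass the real path as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "WholeLottaPasswords.txt"
    hit = find_in_wordlist(getpass.getpass("Password to check: "), path)
    if hit is None:
        print("Not in this list.")
    else:
        print("Found at line %d: change it everywhere it is used." % hit)
```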

Download: WholeLottaPasswords.7z

CRC32: BA824EDF
MD5: ABC5C4999D35DAEE6457E76E6CAFBBB9
SHA-1: 42796B41B8A801C3AAAAD25F5917299E943D0004

Site News

All downloadable content is now hosted under this site.

WordPress is huge and it is taking a while to learn, use, tweak, and secure. HostGator (cPanels) itself is a beast with its own learning curve. SquareSpace had two really nice features going for it: great SEO and a reduced, super clean traffic analyzer compared to the detailed AWStats.

Redirects and Digg

Well, most all the pages should be redirecting from their old links and RSS should be set now.

For mod_rewrite stuff targeting WordPress:

mod_rewrite, tips and tricks

10 awesome .htaccess hacks for wordpress

In other news, apparently Digg stopped allowing users to auto-submit stories based on their feed.

Migration Update

All of the posts have been copied over. I noticed that many of the posts had numerous typos in them. These, hopefully, have been addressed and will occur in fewer amounts due to the clearer edit pane used by WordPress. We shall see.

I expedited the migration a bit since Jimmy Weg graciously linked my Forensic Artifacts page yesterday. That page was quite ugly, so I have moved the domain for those who are slow to read mailing lists; this should be much easier to read.

Any linked files will point to the old site (hopefully) and they will be migrated this weekend. The RSS feed is not redirected as I had hoped. There are some other minor kinks to work out, but hopefully this is a better format.

Questions and comments are always welcome. If something looks wrong, please feel free to holler.

Switching Hosts

In light of the problems I am having with providing code examples, I’m packing bags and changing hosts. All of the articles are being migrated over and everything should be seamlessly switched by the weekend. The only part I am unsure of is the RSS feed.