Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once launched in memory, the executable vanishes. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing there. We can however use other artefacts to confirm … Continue reading Self deleting malware
Category: security
UK Digital Forensics Conferences 2012
Last year I did a post with the symposiums and conferences I found relating to digital forensics for the coming year as I could not find an authoritative source. Here is the 2012 list. Please add any more conferences as a comment or email me and I'll add them in. I'm sure there will be at least … Continue reading UK Digital Forensics Conferences 2012
Thoughts on the UK Cyber Security Strategy
In November the UK government released the “UK Cyber Security Strategy”, which can be downloaded here. There are four main objectives, which will be funded by £650 million over 4 years under the “National Cyber Security Programme” (NCSP). The objectives are: to tackle cybercrime and be one of the most secure places to do e-business; to be more resilient … Continue reading Thoughts on the UK Cyber Security Strategy
Unicode making malware easier
I recently discovered a wonderful Unicode character, called right-to-left override, that reverses the text following it. For example: print "Hello[U+202E]World", produces the output: Hello dlroW. I'm not sure what legitimate reason you would have to use this Unicode character, but several blogs have warned that it can be used by malware writers to get people to click on files. Most people … Continue reading Unicode making malware easier
Windows cookies
Windows released a security update on the 9th August which means that cookies are no longer stored in the usual <username>@<service>.txt, but are now a random set of 8 alphanumeric characters, e.g. A1B2C3D4.txt. It seems this has broken a lot of software, especially those that delete cookies, as they probably rely on the fact that cookies had a very conventional … Continue reading Windows cookies
“Phone” “hacking”
I'm sure everyone in the UK is aware of the News of the World phone hacking stories, but hardly any of the coverage has been on the actual "hacking" and how they did it. It is in fact very trivial, and is not really hacking at all. The word "hacking" has many meanings, with Wikipedia … Continue reading “Phone” “hacking”
Computer forensics conferences in the UK
I couldn't find a definitive list of conferences, symposiums or seminars relating to computer forensics / cybercrime / IT security in the UK and Ireland anywhere, so I scoured the Internet to come up with the list below. I've tried to find the ones that repeat, i.e. are not one-offs. Please write a comment … Continue reading Computer forensics conferences in the UK
Online backups
I like backing stuff up. I have not yet actually had a computer crash on me and lose everything, but I do quite regularly reinstall Windows XP when it gets too slow. To make this an effortless process I used to have the C:\Documents and Settings folder live on a different partition, so when I reinstalled Windows … Continue reading Online backups
The Future of Encryption?
2 weeks ago I was writing an essay on the Open Computer Forensics Architecture (OCFA). I gave up trying to get OCFA to work in the end as it was just a total pain. The documentation is awful, and the error messages it spews out are not useful. Steven spent a few hours looking at their … Continue reading The Future of Encryption?