
Difference between pages "List of Cyberspeak Podcast Interviews" and "Second Look"

From ForensicsWiki
Second Look

[[File:second_look_logo.png]]

The Incident Response edition of '''Second Look®: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities.

== Memory Acquisition ==

Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script allows for acquisition of memory from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory.

== Memory Analysis ==

Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels.

Second Look® also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level malware.

== Supported Systems ==

Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions. The following are its capabilities as of April 2012:

* Supported target kernels: 2.6.x, 3.x up to 3.2
* Supported target architectures: x86 32- and 64-bit
* Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!

== External Links ==

Second Look® is a product of [[Raytheon Pikewerks Corporation]]:

* http://secondlookforensics.com


List of Cyberspeak Podcast Interviews

The [[Cyberspeak podcast]] usually features at least one interview per show. The guests on each show are listed below.

=== 2005 ===

* 18 Dec 2005: [[Nick Harbour]], author of [[Dcfldd|dcfldd]]
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]

=== 2006 ===

* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
* 18 Jan 2006: [[Simple Nomad]]
* 21 Jan 2006: [[Johnny Long]]
* 28 Jan 2006: [[Kevin Mandia]]

* 4 Feb 2006: [[Brian Carrier]]
* 11 Feb 2006: [[Jesse Kornblum]]
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis

* 4 Mar 2006: [[Dave Merkel]]
* 11 Mar 2006: [[James Wiebe]] of [[Wiebe Tech]]. Also [[Todd Bellows]] of [[LogiCube]] about [[CellDek]]
* 18 Mar 2006: [[Kris Kendall]]
* 25 Mar 2006: (No interview)

* 1 Apr 2006: [[Harlan Carvey]], creator of the [[Forensic Server Project]]
* 8 Apr 2006: (No interview)
* 15 Apr 2006: (No interview), but first to mention the [[Main_Page|Forensics Wiki]]!
* 22 Apr 2006: [[Jaime Florence]] about [[Mercury]], a text indexing product

* 6 May 2006: [[Mark Rache]] and [[Dave Merkel]]
* 13 May 2006: [[Steve Bunting]]
* 21 May 2006: [[Mike Younger]]
* 29 May 2006: [[Mike Younger]]

* 3 Jun 2006: [[Jesse Kornblum]] about [[Windows Memory Analysis]]
* 10 Jun 2006: (No interview)
* 17 Jun 2006: [[Mike Younger]]
* 24 Jun 2006: (No interview)

* 1 Jul 2006: (No interview)
* 9 Jul 2006: [[Johnny Long]]
* 18 Jul 2006: [[Dark Tangent]]
* 30 Jul 2006: [[Jesse Kornblum]] about [[Ssdeep|ssdeep]] and [[Context Triggered Piecewise Hashing|Fuzzy Hashing]]

* 10 Aug 2006: [[Brian Contos]] discusses his book ''Insider Threat: Enemy at the Watercooler''
* 13 Aug 2006: [[Richard Bejtlich]] discusses his book ''Real Digital Forensics''
* 27 Aug 2006: [[David Farquhar]]

* 3 Sep 2006: [[Keith Jones]]
* 10 Sep 2006: (No Interview)
* 17 Sep 2006: (No Interview)
* 24 Sep 2006: (No Interview)

* 1 Oct 2006: [[Brian Kaplan]], author of [[LiveView]]
* 8 Oct 2006: [[Tom Gallagher]] discusses his book ''Hunting Security Bugs''
* 15 Oct 2006: (No Interview)
* 29 Oct 2006: (No Interview)

* 12 Nov 2006: [[Jesse Kornblum]] discusses his paper ''Exploiting the Rootkit Paradox with Windows Memory Analysis''
* 19 Nov 2006: [[Kris Kendall]] discusses unpacking binaries when conducting malware analysis
* 26 Nov 2006: (No Interview)

* 3 Dec 2006: [[Brian Dykstra]]
* 10 Dec 2006: [[Mike Younger]]
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]

=== 2007 ===

* 7 Jan 2007: [[Jamie Butler]]
* 17 Jan 2007: [[Chad McMillan]]
* 28 Jan 2007: [[Jesse Kornblum]]

* 11 Feb 2007: [[Scott Moulton]]
* 18 Feb 2007: [[Phil Zimmerman]], creator of [[PGP]], discussing his new [[Zfone]]
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]

* 4 Mar 2007: No show due to technical difficulties
* 12 Mar 2007: [[Trevor Fairchild]] of the [[Ontario Provincial Police Department]] discussing [[C4P]] and [[C4M]], both add-ons to [[EnCase]]
* 18 Mar 2007: [[Tony Hogeveen]] of [[DeepSpar]] Data Recovery Systems
* 25 Mar 2007: Shmoocon broadcast

* 1 Apr 2007: [[Kevin Smith]] from LTU Technologies about [[Image Seeker]]
* 15 Apr 2007: [[Jim Christy]] from the [[Defense Cyber Crime Center]]
* 22 Apr 2007: [[Jesse Kornblum]] all about the [[Main_Page|Forensics Wiki]]!
* 29 Apr 2007: [[Harlan Carvey]] discusses his new book

* 13 May 2007: [[Russell Yawn]]
* 20 May 2007: No interview

* 2 June 2007: No interview
* 10 June 2007: [[Paul Ohm]]
* 17 June 2007: No interview
* 24 June 2007: No interview

* 1 July 2007: No interview
* 22 July 2007: [[Didier Stevens]] about the [[UserAssist]] registry parser
* 29 July 2007: No interview

* 23 Sep 2007: No interview
* 30 Sep 2007: No interview

* 15 Oct 2007: No interview

* 12 Nov 2007: No interview

* 21 Dec 2007: No interview

=== 2008 ===

* 14 Jan 2008: No interview

* 10 Feb 2008: No interview
* 17 Feb 2008: Unknown

* 8 Mar 2008: [[Simson L. Garfinkel|Dr. Simson Garfinkel]] about the [[AFF|Advanced Forensic Format]]
* 16 Mar 2008: No interview
* 31 Mar 2008: No interview

* 13 Apr 2008: No interview
* 27 Apr 2008: No interview

* 10 May 2008: [[Al Lewis]] from [http://subrosasoft.com/ Subrosasoft] about the [[Mac Lockpick]]

* 1 Jun 2008: [[Mark McKinnon]] from [http://redwolfcomputerforensics.com/ Red Wolf Computer Forensics] about his [[CSC Parser]].
* 15 Jun 2008: No interview
* 28 Jun 2008: No interview

* 6 Sep 2008: [[Jesse Kornblum]] about fun tricks with computer memory

* 28 Sep 2008: [[Kevin Mandia]] about incident response

=== 2010 ===

* 3 Jan 2010: [[Amber Schroader]] about [http://www.paraben.com/ Paraben] and what we have to look forward to!
* 17 Jan 2010: [[Didier Stevens]] about some of his recent [http://blog.didierstevens.com/ forensic tools and research], including the changes to the UserAssist registry keys in Windows 7 and his malicious PDF tools.
* 31 Jan 2010: [[Robert Botcheck]], founder and owner of [http://www.tableau.com/ Tableau], talks about the new Tableau Imager (TIM)

* 28 Feb 2010: [[Christa Miller]] (http://www.christammiller.com/) about the need for law enforcement and digital forensics specialists to manage their online resumes.

* 21 Mar 2010: [[Joe Seanor]], a former Senior AOL Investigator. Joe has developed the [http://www.internetpredatortracker.com/ Internet Predator Tracker] software.

* 4 Apr 2010: [[Kristinn Gudjonsson]] with an update on Timeline Analysis and [http://log2timeline.net/ Log2Timeline]
* 19 Apr 2010: [[Nick Ferneau]], developer of Skypx, a free utility that recovers Skype artifacts from RAM images.

* 24 May 2010: [[Sam Guttman]], President of the [http://www.ncfs.org/dfcb Digital Forensics Certification Board], an international vendor-neutral computer forensic certification authority.

* 18 Jul 2010: [[Kristinn Gudjonsson]] about Timeline Analysis and [http://log2timeline.net/ Log2Timeline]

* 25 Oct 2010: [[Sean Morrisey]] about iOS forensics and [http://www.katanaforensics.com/ Katana Forensics]

* 16 Nov 2010: [[Jeff Nash]] about LACE image and video categorization software and [http://www.bb-les.com/ BlueBear Law Enforcement Services]

* 1 Nov 2010: [[Raphael Bousquet]] about [http://www.adfsolutions.com/index.php?option=com_content&view=article&id=65&Itemid=72 ADF Triage]

=== 2011 ===

* 16 Jan 2011: [[Mark Wade]] about prefetch forensics
* 5 Apr 2011: [[Scott Moulton]] about solid state hard drive forensics
* 26 Jun 2011: [[Josh Goldfoot]] about [http://www.bjcl.org/current/16_1/3_Goldfoot_draft1.pdf The Physical Computer and the 4th Amendment]
* 30 Jun 2011: [[Cindy Murphy]] about the launch of the CDFS
* 18 Jul 2011: [[George Starcher]] about password cracking using Access Data's DNA and Amazon's Elastic Compute Cloud.
* 18 Aug 2011: [[Keith Jones]] about the Do's and Don'ts of Testifying
* 21 Aug 2011: [[Drew Fahey]], VP of Products at Blackbag Technologies.
* 28 Aug 2011: [[Chris Pogue]], also known as Mr. Sniper Forensics
* 26 Sep 2011: [[Andrew Case]], one of the developers of Registry Decoder, a National Institute of Justice sponsored application.
* 1 Dec 2011: [[Ken Privette]] with NUIX about their new tool release this morning called Proof Finder.

Revision as of 14:53, 17 April 2012
