http://gcn.com/articles/2009/07/29/black-hat-briefings-memory-forensics.aspx

By William Jackson
GCN.com
July 29, 2009

LAS VEGAS - Tools such as Metasploit’s meterpreter for the automated delivery of stealthy payloads are making it more difficult for researchers to find out after the fact exactly what happened to an exploited computer.

Meterpreter can let an attacker upload malware files to a computer that do not touch the disk, which is where traditional forensics tools look to find evidence of malicious activity.

“Meterpreter breaks all disk forensics,” said Peter Silberman, an engineer at Mandiant Inc. So researchers now are looking into memory for evidence of wrongdoing. “This is a new frontier in forensics analysis.”

Silberman and Stephen Davis, a Mandiant security consultant, demonstrated a new memory analysis tool Wednesday at the Black Hat Briefings security conference. By examining traces of memory that can remain resident on a computer for surprisingly long times, they can find evidence of malicious activity that is not visible elsewhere.

[...]

Received on Thu Jul 30 2009 - 03:16:24 PDT