Into The Boxes: Issue 0x0

It is official.  Harlan and I are proud to announce the first edition of Into The Boxes – Digital Forensics and Incident Response Magazine.

Into The Boxes: Issue 0x0

Of course this release would not have been possible if it were not for the contributions of Didier Stevens and Jamie Levy.  These two produced, in our opinion, two very good articles that will benefit your analysis efforts and overall education.  We all owe these two a big thank you for helping us get this effort moving forward.  There were several others who also provided us various forms of encouragement and article submittals but, for various reasons, were not able to provide contend for this publications.  Harlan and I would also like to thank these people as well and let them know we are looking forward to their submittals for Issue 0x1 in addition to their continued verbal support.

This issue contains four specific articles that cover a variety of digital forensic and incident response issues.  More specifically:

Windows Box: Windows 7 UserAssist Registry Keys by Didier Stevens.

This is an analysis of the new UserAssist registry keys binary data format used in Windows 7 and Windows 2008 R2.

*nix Box: Red Hat Crash Memory Forensics – Jamie Levy

This article covers the installation and use of Redhat Crash Utility for Linux memory forensics.

Software Box: Beware The Preview Pane – Don C. Weber

A quick dip into the preview pane functionality provided by AccessData’s FTK Imager and FTK Imager Lite.

Squawk Box: PCI Interview with Harlan Carvey

An interview about digital forensics and incident response as it pertains to Payment Card Industry-related investigations.

As always, please let us know how you feel and provide us with recommendations and article submittals for future ITB efforts.  We look forward to your comments and blog posts about these subjects.

Go forth and do good things,

Don C. Weber

9 Responses to “Into The Boxes: Issue 0x0”

  1. Chris Hague Says:

    Very interesting and insightful article(s). I myself work for a QIRA firm and agree that the amount of data sharing seems to be one way or limited at best, with that said, I’ve reached out on a professional level to other QIRA’s to share vectors, malware, and other points which might be relevant to their cases. For those that do not know, the PCI Council plans on taking over the QIRA list, which might open the list up to more than the 7 or so authorized vendors. This could be a good thing.


    • Colin Sheppard Says:

      Great first edition of Into the Boxes. My organization is also a Qualified Incident Response Assessor (QIRA). We frequently discuss the need for a more structured information sharing process within our industry. While I’ve seen great strides in recent years, as Harlan has stated, there is a need to reevaluate what constitutes valuable information and subsequently provide and correlate those data points.

      Harlan also touches on a subject that is not frequently discussed. In the majority of (our) cases, the intrusion took place weeks or months before we (QIRA) were engaged. Overwhelmingly, the investigation was initiated because a card brand(s) fingered the entity as the breach point (Common Point of Purchase) based on fraudulent transaction history. Unfortunately, the reliance on third party detection creates this protracted lapse in time where valuable actionable intelligence concerning the breach is most often lost.

  2. […] This post was Twitted by wimremes […]

  3. Ron Bailey Says:

    Congrats gents on your new emag!
    I look forward to future editions.

  4. Anonymous Coward Says:

    Did you spell check this document? There are some obvious misspellings which make it hard to take this seriously.

    • @anon,

      We appreciate your comment. We look forward to your spell-checked collaboration in the future. Please provide your submittal for our review by using the Collaboration Box.

      Thank you,
      Don C. Weber

  5. Nice work and I thank you for your efforts, although the first thing I noticed was the year being wrong on the pdf front page. As a previous occupation was proofreading, I’d be happy to contribute my services, FOC, for future editions.

    • @novunix,

      We appreciate you noticing and informing us. Our first mistake of the New Year. I am willing to bet it will not be our last. We will keep you in mind for the next issue and may contact you using the email you provided here.

      Thank you,

  6. […] For more details, read my article in the new forensic magazine Into The Boxes. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: