Re: [Full-Disclosure] Re: [ISN] Book Review: Forensic Discovery
From: j mark (jmark2099_at_yahoo.com)
Date: Thu, 20 Jan 2005 07:55:27 -0800 (PST)
To: email@example.com, firstname.lastname@example.org, email@example.com, William Knowles <firstname.lastname@example.org>, InfoSec News <email@example.com>, Anthony Zboralski <firstname.lastname@example.org>, email@example.com
Anthony Zboralski wrote:
> On 19 Jan 2005, at 14:55, InfoSec News wrote:
>> of digital forensics.
> Source: http://hert.org/story.php/58
> After reading the review of Dan Farmer and Wietse's Forensic Discovery, you should hear about
> The Grugq who got fired from @stake after writing a Phrack Article in which he exposed numerous
> flaws in The Coroner's Toolkit by Dan & Wietse.
> Before you read this book, check out the video (bittorrent) of The Grugq on The Art of Defiling and
> see how to defeat "industry grade" forensic tools and techniques.
> You can also meet him at a hacker convention near you (in March at BCS2005 in Jakarta, in April
> at Black Hat in S'pore and Amsterdam and at
> Video of the Grugq's Speech, The Art of Defiling:
> http://www.hert.org/z/grugq.torrent (Courtesy of
> Presentation Slides:
> Phrack article:
> http://www.phrack.org/show.php?p=59&a=6 (Phrack
> Grugq's Profile:
> The Grugq has been researching anti-forensics for almost 5 years. He has presented
> to the UK's largest forensic practitioner group where he scared Scotland Yard.
> Grugq has worked to secure the networks and hosts of global corporations, and
> he's also worked for security consulting companies. His work as a security consultant
> was cut short temporarily following the publication of an article on anti-forensics.
> P.S. Is it illegal to talk about anti-forensics under the Patriot Act?
This article in Phrack is being cited as this guy's
qualifications for conducting a security seminar?
Getting fired for writing an article (an article so
clueless --devoid of substance-- as this one) is cited
as a good thing (just because it appeared in phrack)?
Phrack Editors: please apply some standard in choosing
articles, because people do think that having an
article published in phrack amounts to something, and
mostly your articles are superb (except when you plug
articles like this because your friend wrote it).
Just because one tool does not check bad clusters,
doesn't mean that you can use this method of data
hiding to defeat forensics as a whole.
Encryption as an anti-forensics technology.
<sarcasm>Wow. Who knew that?</sarcasm>
Logging to a different Syslog server. <sarcasm>Wow.
Who knew that?</sarcasm>
Anthony Zboralski: We would expect you to plug some
article with substance when you promote your speaker
and conference in a lot of security mailing lists. Oh
yeah, and you are going to jail if you talk about
anti-forensics in the US, you stupid promoter.