Re: [Full-Disclosure] Re: [ISN] Book Review: Forensic Discovery

From: j mark (
Date: 01/20/05

    Date: Thu, 20 Jan 2005 07:55:27 -0800 (PST)
    To:,,, William Knowles <>, InfoSec News <>, Anthony Zboralski <>,

    Anthony Zboralski wrote:

    > On 19 Jan 2005, at 14:55, InfoSec News wrote:
    >> of digital forensics.
    > Source:
    > After reading the review of Dan Farmer and Wietse's
    > Forensic Discovery, you should hear about
    > The Grugq who got fired from @stake after writing a
    > Phrack Article in which he exposed numerous
    > flaws in The Coroner's Toolkit by Dan & Wietse.
    > Before you read this book, check out the video
    > (bittorrent) of The Grugq on The Art of Defiling and
    > see how to defeat "industry grade" forensic tools
    > and techniques.
    > You can also meet him at a hacker convention near
    > you (in March at BCS2005 in Jakarta, in April
    > at Black Hat in S'pore and Amsterdam and at
    > HITB2005 Bahrain.
    > Video of the Grugq's Speech, The Art of Defiling:
    > (Courtesy of
    > Presentation Slides:
    > (from HITB2004)
    > Phrack article:
    > (Phrack
    > Grugq's Profile:
    > The Grugq has been researching anti-forensics for
    > almost 5 years. He has presented
    > to the UK's largest forensic practitioner group
    > where he scared Scotland Yard.
    > Grugq has worked to secure the networks and hosts
    > of global corporations, and
    > he's also worked for security consulting companies.
    > His work as a security consultant
    > was cut short temporarily following the publication
    > of an article on anti-forensics.
    > P.S. Is it illegal to talk about anti-forensics
    > under the Patriot Act?
    > gaius

    This article in Phrack is being cited as this guy's
    qualifications for conducting a security seminar?
    Getting fired for writing an article (an article as
    clueless -- devoid of substance -- as this one) is cited
    as a good thing (just because it appeared in Phrack)?
    Phrack editors: please apply some standard in choosing
    articles, because people do think that having an
    article published in Phrack amounts to something, and
    mostly your articles are superb (except when you plug
    articles like this one because your friend wrote it).

    Just because one tool does not check bad clusters
    doesn't mean that you can use this method of data
    hiding to defeat forensics as a whole.

    Encryption as an anti-forensics technology.
    <sarcasm>Wow, who knew that?</sarcasm>

    Logging to a different syslog server. <sarcasm>Wow,
    who knew that?</sarcasm>

    Anthony Zboralski: We would expect you to plug some
    article with substance when you promote your speaker
    and conference on a lot of security mailing lists. Oh
    yeah, and you are going to jail if you talk about
    anti-forensics in the US, you stupid promoter.
