August, 2006

Understanding Index.dat (Internet History Data File in Windows)

by Bhushan Shah, NII Consulting

index.dat is a file that contains the list of websites a user has visited. The name comes from “indexing”, which is used to speed up query responses.

The autocomplete feature in Internet Explorer compares typed addresses against index.dat to find an appropriate match. The size and lifetime of index.dat depend on the user and on the setting under Internet Explorer: Tools > Internet Options (Days to keep pages in history).


July, 2006

Protecting your pot of gold

Securing your passwords against Rainbow Table Attacks

By Bhushan Shah, NII Consulting

In the previous article we looked at rainbow tables and how they can crack Windows passwords in a matter of seconds. In this article we will look at different ways to add complexity to passwords, and at protocols to secure your system, so that you can survive a rainbow table attack (or at least try to).


July, 2006

UserAssist Revisited!

By Chetan Gupta, NII Consulting

In my previous article on UserAssist, I had mentioned how UserAssist records user access of specific objects on the system and how it would greatly aid forensic investigations.
Although I had shown how to decrypt the keys, the important thing that was missing was how to interpret the 16 bytes of data associated with the entries. (Thanks to Harlan Carvey for providing his valuable inputs on this.)

Here is a cool piece of code I found here that allows you to decrypt the entries.


July, 2006

The top 100 security tools

Penetration Testing

Fyodor’s back with his top 100 security tools for 2006.

One of the most significant, but not surprising, entries is that of the Metasploit Framework at #5 on the list. Since the launch of the 2.0 series, Metasploit has become one of the most popular security tools out there. The 3.0 series is a completely overhauled and very powerful piece of software. Rewritten in Ruby and with extensive APIs, it is no longer simply a platform to develop and test exploits. It is now a platform to develop advanced security tools. Check out some cool features such as the recon modules and the sophisticated IDS-IPS evasion techniques. You can download the alpha version of the 3.0 series here.

June, 2006

Timestomp.exe

By Chetan Gupta, NII Consulting

A supposedly nightmarish tool for the investigator community! This tool was recently released at the Metasploit anti-forensics site and is available here.
As the website mentions, this tool can be a headache for any forensic investigator and a handy tool for any mischievous user, since it can change all four NTFS timestamps. Not only that, it has an option to change the timestamps in such a way that EnCase shows blanks.
