Comments on Journey Into Incident Response: Finding Malware Like Iron Man Slide Decks
Blog author: Corey Harrell (http://www.blogger.com/profile/15008629321023489214)
Comment feed last updated 2024-03-13; 8 comments, newest first.

Corey Harrell, 2015-07-26 11:38 (-04:00):

@anon,

The executable is only available in 64-bit versions. However, you can install Perl and run the Perl version on both 64- and 32-bit systems.

Anonymous, 2015-07-17 10:17 (-04:00):

Hi Mr Harrell,
I'm a newbie in IR and my problem is that all versions of your tools that I downloaded (auto_rip-7-21-2014 & autorip_08-26-13) behave as 64-bit, and this disappointed me. Does your tool work only on 64-bit systems???
I need help. Thanks for your attention to my post!!!

Corey Harrell, 2014-01-29 22:21 (-05:00):

@anon,

I'm not aware of any publicly available images of systems infected with malware. However, it's pretty easy to create your own to improve your skills. In one of my next posts I'm going to outline how I progressed with creating test images of infected systems. My plan is to make it easy for others to replicate, so even if you can't find any public images, at least you can create your own.

Anonymous, 2014-01-29 19:54 (-05:00):

Corey, this is great stuff and I will be using this info going forward.
In one of your earlier posts you mentioned that in order to practice you first need to install malware on the system; I wanted to ask if you know of a resource where you can obtain infected images but, more importantly, one that has IR solutions that you can look at to compare your results?

Corey Harrell, 2013-09-17 17:23 (-04:00):

@anon

I'm not aware of any framework that integrates the tools in this presentation. Personally, I have all the tools on a thumb drive and run them against the data I collect with these scripts:

http://journeyintoir.blogspot.com/2013/09/tr3secure-data-collection-script.html

Anonymous, 2013-09-17 12:19 (-04:00):

Great slides. IR newbie here - such practical examples are very helpful.

Sometimes committing DFIR blasphemy and hunting down malware on a live system is needed. A pre-built mobile toolkit (e.g. on a CD-ROM or a folder that contains all dependencies and can run on the target system) would be very useful in such cases. Is there any documentation on building such a mobile toolkit with the tools you used?

Anonymous, 2013-07-18 09:07 (-04:00):

That was absolutely excellent. I will be referring back to this a lot!

Anonymous, 2013-07-16 02:35 (-04:00):

Nice slides. I really like the approach, as these are indeed the real thing. I'm hoping that you will do one (1) case in your post that will run through all the things in the slides with an actual malware investigation, just to get a bigger picture of an actual malware case.