Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once it is running in memory the file on disk vanishes. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing left to examine. We can however use other artefacts to confirm that a now non-existent file was run, such as the Prefetch files, UserAssist entries and certain other registry entries.
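The UserAssist artefact mentioned above is worth showing concretely, because it is entirely independent of whether the executable still exists. The script below is an added example and is not code from the post: it decodes the ROT13-encoded value names found under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{GUID}\Count`, pulls the run count and last-run FILETIME out of the binary value, and then flags programs that have a non-zero run count but are no longer present on disk. The record layouts assumed here (the 16-byte Windows XP record and the 72-byte Windows 7+ record with the FILETIME at offset 60) are the widely documented ones and should be checked against the OS version being examined; the registry values themselves are constructed samples, not data from a real machine, and the `exists` callback is an assumption of this example so the check can be pointed at a mounted image rather than the live filesystem.

```python
import codecs
import os
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed record layouts (verify against the OS version you are examining):
#   Windows XP : 16 bytes -> session(4) | count(4, counter starts at 5) | FILETIME(8)
#   Windows 7+ : 72 bytes -> session(4) | run count(4) | focus count(4) |
#                            focus time ms(4) | ... | FILETIME at offset 60
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> Optional[datetime]:
    """Convert a 64-bit FILETIME (100 ns ticks since 1601) to UTC; 0 means 'never'."""
    if ft == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime; used here only to build constructed samples."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def parse_userassist(value_name: str, data: bytes) -> dict:
    """Decode one UserAssist value into a path, a run count and a last-run time."""
    path = codecs.decode(value_name, "rot_13")       # value names are ROT13-encoded
    if len(data) == 16:                               # Windows XP layout
        count = struct.unpack_from("<I", data, 4)[0]
        run_count = max(count - 5, 0)                 # XP counters start at 5
        last_run = filetime_to_datetime(struct.unpack_from("<Q", data, 8)[0])
    elif len(data) >= 68:                             # Windows 7 and later layout
        run_count = struct.unpack_from("<I", data, 4)[0]
        last_run = filetime_to_datetime(struct.unpack_from("<Q", data, 60)[0])
    else:
        raise ValueError(f"unrecognised UserAssist record length {len(data)}")
    return {"path": path, "run_count": run_count, "last_run": last_run}


def executed_but_missing(entries, exists=os.path.exists):
    """Return decoded entries whose program ran at least once but is no longer on disk.

    `exists` is injectable (an assumption of this example) so the check can be
    aimed at a mounted image or stubbed in tests; by default it asks the live
    filesystem.
    """
    hits = []
    for name, data in entries:
        rec = parse_userassist(name, data)
        if rec["run_count"] > 0 and not exists(rec["path"]):
            hits.append(rec)
    return hits


# --- Constructed sample data (not from a real registry) --------------------
SAMPLE_LAST_RUN = datetime(2014, 1, 15, 10, 30, tzinfo=timezone.utc)


def build_win7_record(run_count: int, last_run: datetime) -> bytes:
    """Build a 72-byte Windows 7+ style UserAssist value for the sample."""
    rec = bytearray(72)
    struct.pack_into("<I", rec, 4, run_count)
    struct.pack_into("<Q", rec, 60, datetime_to_filetime(last_run))
    return bytes(rec)


def build_xp_record(run_count: int, last_run: datetime) -> bytes:
    """Build a 16-byte Windows XP style UserAssist value for the sample."""
    return struct.pack("<IIQ", 0, run_count + 5, datetime_to_filetime(last_run))


# ROT13 of two made-up paths: C:\Users\victim\Downloads\dropper.exe (ran 3 times,
# then deleted itself) and C:\Windows\System32\notepad.exe (never run).
SAMPLE_ENTRIES = [
    (r"P:\Hfref\ivpgvz\Qbjaybnqf\qebccre.rkr", build_win7_record(3, SAMPLE_LAST_RUN)),
    (r"P:\Jvaqbjf\Flfgrz32\abgrcnq.rkr", build_win7_record(0, SAMPLE_LAST_RUN)),
]

if __name__ == "__main__":
    for rec in executed_but_missing(SAMPLE_ENTRIES):
        print(f"{rec['path']}  runs={rec['run_count']}  last_run={rec['last_run']}")
```

On a real case you would read the `Count` key with `winreg` on the live host, or from an exported NTUSER.DAT with a hive parser, and feed the (name, data) pairs into `executed_but_missing`; an entry with a run count and a last-run time for a path that no longer exists is exactly the trace a self-deleting sample leaves behind.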
Lots of apologies that I haven’t been blogging lately. I have recently got married, and as you can imagine that has taken up a lot of my time! I’m currently doing a course called the Certified Malware Investigator run by 7Safe, and one of the practical exercises in today’s session was on Alternate Data Streams (ADSs). I’ve been playing around with these and here is a quick summary!