Posts Tagged ‘live forensics’

In short this + python support. I’ve finally decided to build alpha POC code for the idea I already blogged about. Some of you might wonder why I choose to support python, seeing that I previously wrote about it and I hate/loved it. Well because afaik it’s the easiest language to embed inside C. Oh and the reason why I added support for a scripting language is because some things are just so much easier when done in a scripting language. So let’s see the actual code(make sure u read my previous blog post else the next stuff might sound like total gibberish).

(more…)

Well I’ve been developing this for a while now and still haven’t finished, mainly because I’ve got little time to spare for coding. Previously I wrote about using somekind of ping to see if your computer is still connected to the net. The solution is fun but it will not prevent forensic analysis of your computer. I have expanded upon that previous post and started to write a toolkit which could be used if we assume the following:

You want to prevent live-forensic analyses of your computer at all costs. You don’t care about normal forensic analysis because your harddisk is encrypted and you have used a real long password and a keyfile.

So with that in mind I started to construct something which frustrates live forensics and at the same time is easy to expand. If you are concerned about normal forensic analysis you can always turn to some of the current anti-forensics projects like the one at metasploit.

(more…)