It's not uncommon to encounter corrupted files, say from unallocated space, that need to be repaired. Also, attackers sometimes create corrupted malware that will be run by Windows, but some kind of...
Type: Posts; User: Kinstonian; Keyword(s):
You're right about problems with integrity. However, whether it's because of hardware or an attacker, that issue is there. That's why digital investigators rely on corroborating evidence from...
No problem... Harlan's evtparse.pl would likely be useful for the corrupted Windows .EVT logs.
http://windowsir.blogspot.com/2010/07/more-timeline-stuff.html
http://docstore.mik.ua/orelly/perl/sysadmin/ch09_02.htm
SecurityOnion has been out for a while now, but it's about to get even easier:
http://www.youtube.com/watch?v=mazSRVFYmLQ
No sense in installing Snort to get alerts you can't do much with...
Can you configure your router to use the OpenDNS servers? That's as much of a "router level" as you will probably get without making your own from an old computer and Linux. If by router level you...
Are you using a blacklist? People already make blacklists that have a bunch of "bad" sites, so much of the work is done for you... Both DansGuardian and OpenDNS can apparently log. However, I just...
Filtering with a network device is good if you want to filter traffic for a bunch of computers because you can centrally manage the filtering. You would probably have to install something like a web...
Here's something from around 2010. How to Create a Family Friendly Ubuntu Setup
There is also DansGuardian, although I've never used any of this.
Keeping the computer in a public place in the...
I think Clam may only scan certain objects in a PDF. There may not be any suspicious objects in the PDF you're scanning so it's reporting nothing was scanned. You will probably also see a...
I was worried that might be a problem. Oh well, thanks for the info.
I looked in the fstab and didn't see it... although it does show up in the mount command. Unless I'm missing something, Wubi is doing something different.
Is there a problem with stopping Wubi from auto-mounting the Windows partition and if not, what's the best way to stop it?
You don't need an IDS to detect attacks. You're right Snort would be overkill. You may be surprised how effective simple tools like grep, cut, sort, netstat, ps, lsof, etc. can be.
A big part of...
Sguil ties a bunch of open source software together to let you use different types of network based evidence to easily investigate alerts. If you want to pretty much just see alerts in a GUI, check...
I installed it a long time ago when it was an absolute nightmare. One of the most complicated installs I've ever heard of. Fortunately it's a lot easier to get all the software working together...
I seriously can't believe I read that. If it's not your computer, you're not authorized to reformat, you're not familiar with Linux and you're worried about making a mistake that can "cause a lot of...
Try "dst host www.examplesite.com"
Cool, I can't write bash scripts, so I don't know how far you can go by creating data visualizations with shell scripts. Learning Python or similar would allow you to use ChartDirector, matplotlib,...
NAT was created to resolve addressing problems, but has also over the years helped prevent a very large number of computers from being compromised by filtering traffic, which is the core of any...
Still not a valid reason not to care about your own security. If it's compromised there are other things her computer could be used for. Things ranging from sending spam to compromising other...
What leads you to believe of all the explanations for computer problems that her computer is "obviously infected?" I'm not saying you're wrong, I'm just asking what evidence you have because I have...
Now I'm starting to get the feeling we're doing your homework for you.
In addition to reformatting, I hope your recovery at least included changing your passwords.
You can use programming to help with any security related job, and which language(s) depends on what exactly it is you want to do.
If you want to deal with web application security, PHP,...