Archive for the ‘Forensics’ Category

Reply to HBGary — and personal notes.

November - 16 - 2009
Posted by Matthieu Suiche

One HBGary developer wrote a blog post about windd entitled “Windd – Almost there, but not quite…“. HBGary says *they*, but I would like to say to readers that windd is a project that I developed and maintain alone, in my spare time. More and more people are using windd, so it looks like I have to

In fact, this new key category appeared for the first time in Windows XP, formerly called Whistler, in early 2001. Yes, almost 9 years ago. But its structure CM_BIG_DATA had been removed from the Microsoft Windows XP public symbols, though not from the Windows Vista and later symbols. Basically, this “secret” registry key had been briefly introduced

Microsoft Crash Dump Analysis weaknesses.

October - 16 - 2008
Posted by Matthieu Suiche

I’m going to discuss Microsoft Crash Dump Analysis weaknesses, but in fact this blog post is somehow an introduction to the next version of Win32DD, 1.2. Indeed, the next version of win32dd will have crash dump generation implemented, and some other things you’ll enjoy too. Any reader who is interested in this topic is encouraged

X-Files. Episode 1. *Deep throat*

April - 29 - 2008
Posted by Matthieu Suiche

Andreas recently published an interesting article called “The 3 Vendors”. This article talks about GPL violations against researchers who share their knowledge, and also demonstrates how this kind of violation can easily be identified through code flowcharts. It sounds like the beginning of a series…

X-Ways (WinHex editor) Forensics Beta 2 now includes hibernation file (hiberfil.sys) support for Windows XP 32-bit only. Please note that the Sandman library/framework, released 2 months ago, is an open-source project under the GNU General Public License v3 to read and write the hibernation file… Posted on Friday, Mar 28, 2008 – 1:05: * Ability to decompress Windows XP
