Comments on Forensic Incident Response: Putting the Forensics in Anti-Forensics
hogfly

H. Carvey, 2007-12-06T07:33:00.000-05:00

"1) Do you trust your tools?"

In combination with knowledge of the system and situation, I trust the tools I use inasmuch as they provide me additional insight into what's going on...

"2) The average tool is not capable of providing enough information when facing modern attacks."

What tool does?

"3) An investigation does not begin and end on the

H. Carvey, 2007-12-04T09:15:00.000-05:00

"1) Do you trust your tools?

Trust is mainly about reliability and confidence. How confident are you that your tools are showing you accurate information? How reliable is the data output?"

This question/point harkens back to the issue of static binaries. However, this is something that isn't possible on Windows systems...at least, not yet. At some point, a DLL (a binary)