Archive for 'January 2011'

    The Dead Giveaways of VM-Aware Malware

    By Atif Mushtaq
    I often overhear talk about so called next generation anti vm, sandnet and debugger techniques and their *widespread* use by modern malware, and how this is hurting modern day automated malware analysis and detection. Well I find the facts are quite different.  Most of these claims don't provide good evidence and I consider them little more than an attempt to create FUD (Fear, Uncertainty and Doubt). The reality is that after the Read more...


    EXT3 File Recovery via Indirect Blocks

    By Hal Pomeranz

    Recovering complete file images from unallocated space on Linux systems can be a tricky problem. The EXT3 metadata structures-index nodes or inodes for short-are mostly zeroed out when they are deallocated. During this process, all of the inode's block pointers (that would normally be used to access the file data when the file was allocated) are lost. The original file contents will still exist in unallocated data blocks in the file system-at least until those blocks are reused-but there's no "map" to reconstruct those data blocks into the original file.

    Read more...