Hey,
I'm investigating a case in which my goal is to identify malware.
There are two ways in which OSForensics seems to be almost-helpful but isn't:
1. Showing what files of the image are not in the hashlist (when compared to NSRL, for example) - so I can inspect them manually and look for malicious files.
2. Showing what files of an image *are* in the hashlist (when compared, for example, to the keyloggers hashlist) - so I can identify known malware. This feature would have been extra useful if I could incorporate OpenIOC signatures.
This is the first time I'm using OSForensics. Is there a way to accomplish those tasks and I just haven't found it yet?
I saw an old thread where someone asked for this feature, but the answer revolved mostly on the time of analysis ( http://www.passmark.com/forum/showth...e-NSRL-HASH-DB ). I don't mind if it takes longer. I want to know with high certainty that I found all there is to find.
- Jonathan
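The two comparisons described in the post (files *not* in a known-good set such as NSRL, and files that *are* in a known-bad set) can be scripted outside the tool. The following is an added example, not OSForensics code or anything from PassMark; it assumes each hash set is a plain text file with one hex SHA-1 per line, and the "known-bad" entry and the sample files are constructed for the demonstration.

```python
import hashlib
from pathlib import Path

# Constructed sample hash sets. In a real case these come from the NSRL RDS
# export (known-good) and a malware hash list (known-bad), one hex hash per line.
KNOWN_GOOD_SHA1 = {"da39a3ee5e6b4b0d3255bfef95601890afd80709"}       # SHA-1 of an empty file
KNOWN_BAD_SHA1 = {hashlib.sha1(b"constructed sample").hexdigest()}  # constructed, not a real IoC


def sha1_file(path, chunk=1 << 20):
    """Stream a file through SHA-1 in fixed-size chunks (large images must not be read whole)."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def load_hashset(path):
    """Read one hex hash per line; normalise case and skip blank or '#' comment lines."""
    hashes = set()
    with open(path) as f:
        for line in f:
            line = line.strip().lower()
            if line and not line.startswith("#"):
                hashes.add(line)
    return hashes


def triage(root, known_good, known_bad):
    """Classify every file under root so that nothing is silently dropped.

    known_bad  -> matched the malware list (review first)
    unknown    -> in neither list (manual inspection queue)
    known_good -> matched NSRL-style known-good set (filtered out)
    unreadable -> could not be hashed; still listed so coverage is complete
    """
    result = {"known_bad": [], "unknown": [], "known_good": [], "unreadable": []}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        try:
            digest = sha1_file(p)
        except OSError:
            result["unreadable"].append(str(p))
            continue
        if digest in known_bad:        # checked before known_good: a bad match always wins
            result["known_bad"].append(str(p))
        elif digest in known_good:
            result["known_good"].append(str(p))
        else:
            result["unknown"].append(str(p))
    return result
```

The "unknown" list is the set to inspect manually; the "unreadable" list is kept on purpose so a file that fails to hash does not vanish from the review.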