You are browsing the archive for HMFT.

← Previous Entries

HMFT 0.3 + Extended Attributes, short update

February 17, 2013 in Anti-Forensics, Compromise Detection, Forensic Analysis, HMFT, Malware Analysis

update fixed the title of the post  – it’s obviously a version 0.3 and not 3.0 đŸ™‚ old post In my last post I talked about detecting Extended Attributes (used […]

Comments Off on HMFT 0.3 + Extended Attributes, short update

Detecting Extended Attributes (ZeroAccess) and other Frankenstein’s Monsters with HMFT

January 25, 2013 in Anti-Forensics, Compromise Detection, Forensic Analysis, HMFT, Malware Analysis

The topic of Extended Attributes (EA) has been recently covered in an excellent post by Corey. Entitled Extracting ZeroAccess from NTFS Extended Attributes it goes into (amazing) depth explaining on […]

Comments Off on Detecting Extended Attributes (ZeroAccess) and other Frankenstein’s Monsters with HMFT

← Previous Entries