I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

Orlando, FL
Joined November 2008
Shout out to @fierry137 for chiming in with the correct answer.
The only thing different about web browser artifacts on Linux is their location. $HOME/.mozilla/firefox (Firefox) and $HOME/.config/chromium (Chrome) are the usual locations on Linux. Otherwise it's the same SQLite databases, etc. Anything else would be crazy in terms of code re-use.
Hal Pomeranz retweeted
This is powerful and hits me right in the gut.
So I believe this is what they call “a personal essay.” (It’s personal AF.) Judaism accounts for what to do if someone dies before you have made amends to them. lithub.com/rabbi-danya-rutte…
Daily Linux Forensics Trivia #28 - How do Chrome and Firefox web browser artifacts differ on Linux systems as compared to Windows/Mac?
However, @ldsopreload mentioned several other places where login information is tracked, including the btmp (failed logins), and lastlog (detail on most recent login for each user) logs.
Trivia Answer #26 - I should have been more specific here. I was looking for logs that track successful user logins over time and I was thinking of Syslog's LOG_AUTHPRIV stream (usually /var/log/auth.log or .../secure), the wtmp file, and the audit.log.
Hal Pomeranz retweeted
This is the nightmare of practically any frequent flier. You owe it to yourself to read this (first). 1/2
Dude beside me on this plane just tried to get me, in an aisle seat, to swap with his wife, who is in a middle seat. Wife guys really must be stopped
Hal Pomeranz retweeted
Rapidly increase #DFIR skills: 1) Perform attack(s) against your own system/VM 2) Document steps in detail 3) Find artifacts for each step
My son's band is planning "Hot For Teacher" for the school talent show. Not sure whether to be amused or appalled.
Hal Pomeranz retweeted
This is a real treat!
Wow, that’s an amazing deep dive on NTP, its creator David Mills, and old school open source communities. newyorker.com/tech/annals-of…
Daily Linux Forensics Trivia #26 - Name three different logs where you can normally find a record of user logins.
Trivia Answer #25 - Look at the user’s $HOME/.viminfo file. The file contains information on recently edited files, search terms, commands typed at the “:” prompt, and (probably most useful in this case) commands executed via shell escape.
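A small triage parser for the .viminfo artifact described in the answer above, added here as an example and not part of the original thread. The file content is a constructed sample, and the parser reads only the "|2,..." history records (which newer Vims write next to the plain ":cmd" lines) plus the plain file-mark lines.

```python
import re

# Constructed sample of a .viminfo file (not from any real system).
# Newer Vims write each history entry twice: a plain line (":cmd", "?/pat")
# for older versions, and a "|2,histtype,timestamp,sep,"text"" record.
SAMPLE_VIMINFO = """\
# This viminfo file was generated by Vim 8.2.
# You may edit it if you're careful!

# Viminfo version
|1,4

# Command Line History (newest to oldest):
:!bash
|2,0,1665000000,,"!bash"
:w
|2,0,1664999990,,"w"
:e /etc/sudoers
|2,0,1664999980,,"e /etc/sudoers"

# Search String History (newest to oldest):
?/NOPASSWD
|2,1,1664999970,47,"NOPASSWD"

# File marks:
'0  3  0  /etc/sudoers
|4,48,3,0,"/etc/sudoers"
"""

HIST_TYPES = {0: "cmd", 1: "search"}  # histtype field of a |2 record

def _unquote(s):
    # Undo viminfo quoting: surrounding "" with \\, \" and \n escapes inside.
    return re.sub(r'\\(.)', lambda m: "\n" if m.group(1) == "n" else m.group(1), s[1:-1])

def parse_viminfo(text):
    """Return cmds, shell_escapes, searches (as (timestamp, text)) and file paths."""
    out = {"cmds": [], "shell_escapes": [], "searches": [], "files": []}
    for line in text.splitlines():
        m = re.match(r'\|2,(\d+),(\d+),(\d*),(".*")$', line)
        if m:  # history record
            htype, ts, _sep, raw = m.groups()
            entry = (int(ts), _unquote(raw))
            kind = HIST_TYPES.get(int(htype))
            if kind == "cmd":
                out["cmds"].append(entry)
                if entry[1].startswith("!"):  # ":!cmd" shell escape
                    out["shell_escapes"].append(entry)
            elif kind == "search":
                out["searches"].append(entry)
            continue
        m = re.match(r"^'(\S)\s+(\d+)\s+(\d+)\s+(.+)$", line)
        if m:  # plain file-mark line: 'mark line col path
            out["files"].append(m.group(4))
    return out
```

Timestamps in the |2 records are Unix epoch seconds, so the output can be dropped straight into a timeline next to .bash_history.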
And power is restored! Thanks @DukeEnergy for working so hard for Floridians in the wake of hurricane Ian.
Daily Linux Forensics Trivia #25 - A user’s .bash_history file shows repeated use of “sudo vim” with no other arguments. What other artifact could you inspect to get a better picture of their activities?
Trivia Answer #24 - One of the directories is named “.. “ (dot dot space) or some other similar name with a non-printing character. Use “ls -b” to see the non-printing characters. @MalwareJake was suspiciously quick with the answer on this one… almost as if… nah!
Let me add that a lot of these folks come in from out of state to support us during these disasters. They leave their homes and families and head into harm’s way to get the lights back on. Bravo!
40k+ linemen are waiting by in Florida right now ready to go to work when they can. Legit superstars.
Daily Linux Forensics Trivia #24 - You look at a directory listing and there are two subdirectories named “..”. How is this possible?
If you’re in a virtual environment that doesn’t pre-allocate disks, this also has the side-effect of increasing the storage used by your instance and making it more costly to get a forensic copy.
Trivia Answer #23 - Lots of responses, including @rvandenbrink, @DfirNotes, and @jtsylve. The dd command will create a file called junk that will consume all unallocated blocks and overwrite them with random data. This should obliterate any evidence in unallocated.