I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange
Orlando, FL
Joined November 2008
- Tweets 19,311
- Following 237
- Followers 13,672
- Likes 12
If there's somebody from Outlook.com listening, can I get an actual Engineer to respond to a serious delivery issue?
The best investigators in the world are blind without data. Build your networks with the belief you will be compromised. Please.
1
13
9
@attrc Might be a TSK bug-- debugfs works pre-sync, but istat/icat borked until sync performed- pastebin.com/Ca4f00zc
1
@attrc Interesting. EXT4 shows the inode as allocated but the size and extents are zeroed when the file is unlinked. This could be a bug.
1
@attrc Whoops! Here's a more complete paste with istat output - pastebin.com/zPb6Wjjr - istill allocated as long as the process is running
1
1
2
@attrc Hadn't looked at the pastebin-- but, yes, I just tested recovering deleted binary from a deleted directory with lsof/icat/Yosemite
1
@hacks4pancakes Pretty sure @ericjhuber could set you up with a job in Florida.
1
@attrc Just tested it on my Yosemite box and it worked fine. I've done it on Linux too-- though there you can just use /proc/<pid>/exe
2
2
@iamevltwin Oooh! It's on a weekend that I can attend this year! Yay! I submitted to @BSidesNOLA too!
1
It's possible that I watched this educational video today - youtube.com/watch?v=Z5xD6UPN… #InheritedThreeKids
2
@maingear If you could figure out a way to pack 32GB RAM into the Pulse 15 chassis, I ... I don't even... <drool>
1
I'm in lust - Dual mSATA SSD + SATA HDD, Quad Core, 16GB RAM, Ultra HD (NVIDIA GeForce 970), BluRay, 4lb laptop - maingear.com/custom/notebook…
1
6
Slides and recording from my Monday webcast are now up at the SANS web site - sans.org/webcasts/ir-event-l…
6
6
@jerod Yes, sure was. Once the recording is posted, I believe it will be at the same link as the original webcast.
1