Hal Pomeranz @hal_pomeranz

I am retiring this social media account. Find me as @hal_pomeranz@infosec.exchange

 Orlando, FL
deer-run.com/~hal/
Joined November 2008
  • Tweets 19,311
  • Following 237
  • Followers 13,672
228 Photos and videos
Load newest
Trivia Answer #28 - False. XFS allocates inodes on demand, and the inode number is assigned based on the inode’s position on the disk.
2
Replying to @codeslack
That’s a lot of development and testing effort to just be abandoned. But whether it’s TSK or something new, we need an Open Source, cross-platform filesystem interpreter that supports common modern file systems.
3
Replying to @codeslack
I agree. But with funding we could pay a resource to manage the project and clear out the backlog.
1
Welp… my husband got laid off from his job today 😞 This may be a long-shot, but if any of you work in tech and know of an open position that fits his skillset, shoot me a DM. (If you don’t, but would like to buy him a beer—he’s had a rough day: paypal.me/jprice 💖)
25
151
4
234
The #DFIR community needs funding and resources put towards libsleuthkit. And everybody needs to share their "private" forks where they have fixed bugs and added new file systems support. Hackathon anybody?
10
16
Just wanted to mention that my Linux Forensics training is happening next week. There is still time to sign up, and class size will be small. Hope to see you there!
Hal Pomeranz @hal_pomeranz
6 Sep 2022
Live Linux Forensics training coming up @WWHackinFest Deadwood! Let's do some daily Linux Forensics trivia as a lead-up! wildwesthackinfest.com/deadw…
1
5
9
Daily Linux Forensics Trivia #28 - True or False: XFS inode numbers are assigned sequentially.
1
Shout out to @fierry137 for chiming in with the correct answer.
1
The only thing different about web browser artifacts on Linux is their location. $HOME/.mozilla/firefox (Firefox) and $HOME/.config/chromium (Chrome) are the usual locations on Linux. Otherwise it's same SQLite databases, etc. Anything else would be crazy in terms of code re-use
1
1
1
Hal Pomeranz retweeted
purr.in.ink
 @purrinink
2 Oct 2022
267
24,980
824
123,026
Hal Pomeranz retweeted
Wendy Nather @wendynather
3 Oct 2022
This is powerful and hits me right in the gut.
Rabbi Danya Ruttenberg @TheRaDR
30 Sep 2022
So I believe this is what they call “a personal essay.” (It’s personal AF.) Judaism accounts for what to do if someone dies before you have made amends to them. lithub.com/rabbi-danya-rutte…
1
4
Replying to @wendynather
youtube.com/watch?v=n4QSYx…
1
1
Replying to @codeslack
Likewise. Good change.
Daily Linux Forensics Trivia #28 - How do Chrome and Firefox web browser artifacts differ on Linux systems as compared to Windows/Mac?
2
1
4
However, @ldsopreload mentioned several other places where login information is tracked, including the btmp (failed logins), and lastlog (detail on most recent login for each user) logs.
Trivia Answer #26 - I should have been more specific here. I was looking for logs that track successful user logins over time and I was thinking of Syslog's LOG_AUTHPRIV stream (usually /var/log/auth.log or .../secure), the wtmp file, and the audit.log.
2
1
Hal Pomeranz retweeted
Jake Williams @MalwareJake
2 Oct 2022
This is the nightmare of practically any frequent flier. You owe it to yourself to read this (first). 1/2
Chase Mitchell @ChaseMit
30 Sep 2022
Dude beside me on this plane just tried to get me, in an aisle seat, to swap with his wife, who is in a middle seat. Wife guys really must be stopped
5
6
1
85
Replying to @TimMedin
Sounds like the beginning of a Greek tragedy
1
3
Hal Pomeranz retweeted
Andrew Case @attrc
4 Feb 2017
Rapidly increase #DFIR skills: 1) Perform attack(s) against your own system/VM 2) Document steps in detail 3) Find artifacts for each step
4
80
6
149
My son's band is planning "Hot For Teacher" for the school talent show. Not sure whether to be amused or appalled.
3
7
Load more