Computer Forensics

Detecting Linux Binary File Poisoning

June 14, 2018

Binary Poisoning, Computer Forensics, Linux Forensics, Masquerading, Sandfly, Sandfly Update

Let’s talk about Linux binary poisoning. Binary poisoning is tampering with a system command and replacing it with a malicious version. This…

Sandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More

June 06, 2018

Computer Forensics, File Entropy, Linux Forensics, Malware, Sandfly, Update

The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to…

Christchurch Hacker Con 2017 Linux Forensics Slides

May 30, 2018

Computer Forensics, Linux Forensics

The slides for Craig’s talk on command line Linux Forensics from the 2017 Christchurch Hacker Con can be found here. The slides cover using…

Linux Malware Persistence with Cron

May 02, 2018

Computer Forensics, Linux Forensics, Malware, Persistence, Sandfly

If malware is anything at all, it’s persistent. On Linux, just like Windows, malware once loaded wants to stay loaded. On Windows systems…

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly

April 27, 2018

Computer Forensics, Linux Forensics, Rootkits, Sandfly, Videos

Watch Sandfly’s agentless intrusion detection and threat hunting technology detect a Linux stealth rootkit. Sandfly automates the…

Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017

April 27, 2018

Computer Forensics, Linux Forensics, Presentations

Craig Rowland presented last October at the Christchurch HackCon on the topic of using basic command line tools for Linux forensic…