Sandfly 2.3.2 – Linux Packet Sniffer Detection and Faster Process Forensics

November 12, 2019

Sandfly, Sandfly Update, Update

Sandfly 2.3.2 has been released. It includes new capabilities to detect a variety of Linux network packet sniffers, plus has internal…

Sandfly 2.3 – Performance Updates, Elasticsearch 7 Support and More

October 30, 2019

Sandfly, Sandfly Update, Update

Sandfly 2.3 is now released. This version features many changes to improve performance, updates the custom Sandfly syntax, eliminates false…

Basic Linux Malware Process Forensics for Incident Responders

October 01, 2019

Linux Forensics

Let’s go step-by-step and do some basic live process forensics for Linux. Today’s attack is a bind shell backdoor waiting for a connection…

Sandfly 2.2 – Enhanced Web Shell Detection, Anti-Forensics and More

September 03, 2019

Sandfly, Sandfly Update

Sandfly 2.2 has now been released. This update adds new capabilities around web shell detection, anti-forensics detection, plus much more. A…

Sandfly 2.1 Released

August 06, 2019

Sandfly, Sandfly Update

Sandfly 2.1 has been released. We have expanded MIPS and ARM CPU coverage for embedded Linux devices, boosted our bindshell backdoor…

Using Linux utmpdump for Forensics and Detecting Log File Tampering

August 01, 2019

Computer Forensics, Linux Forensics

In this post we’re going to show you how to use utmpdump for investigating Linux audit logs for signs of compromise. Seemingly unknown by…