For some time, my primary analysis machine was Fedora with the CERT repo installed. I went with the CERT repo after using the SANS SIFT workstation, primarily because the tools in the CERT repo are on a more frequent update cycle. By the time I read about a new tool and decide I want to play around with it, it always seems to be part of the CERT repo already. However, with the introduction of Windows Subsystem for Linux, I find myself more frequently conducting investigations with Windows as my primary OS.
Figure 1: Fedora CERT Repo Installing On Windows Subsystem
In some cases, an adversary attempts to maintain a foothold in a compromised environment in one way or another so that, in the event of a system restart, a communication channel is reopened. Luckily for us, the areas of the operating system that allow this behavior are limited. This lets us look for potential signs of malfeasance in predictable areas of the operating system. Better yet, a trend can be observed in commonly used persistence mechanisms, which gives us good places to look when trying to find footholds set up by an adversary.
Running a website, however small, I thought might be an exciting undertaking from a personal development perspective. It is not that I have never run a website in the past - I ran a web hosting company for a time - this is more so a reflection on myself as a professional, with all the trials and tribulations that go with it, and with a specific focus on the lessons learned that follow. I have participated in the Digital Forensics Community for a handful of years, and I felt that it was my turn to make a feeble attempt at contributing back.
To be more forward: why is this website here, why does it matter, and why might you be interested?