Archive for February, 2011

Encrypt a hard disk volume using TrueCrypt (How-To)

In my forensic work, I quite often have to send/receive forensic disk images to/from clients via FedEx or UPS. Since it is never a good idea to send digital data unencrypted via a common carrier, I encrypt hard disk volumes that contain forensic images using TrueCrypt.

To introduce you to TrueCrypt and walk you through the process of encrypting a hard disk volume, I wrote up a detailed ‘How-To’ titled “Encrypt a Hard Disk Volume Using TrueCrypt.” I think you will agree that TrueCrypt is an amazing open-source project. I suggest you also consider encrypting hard disk volumes that contain your backups or any other sensitive data.


Introducing the McAfee Command Line Scanner Project

After many weeks of research and experimentation, I am releasing the McAfee Command Line Scanner Project (MCLSP) as my first free tool. This project contains everything you need to build a custom live Ubuntu Linux distribution (distro) that runs the McAfee Windows A/V Command Line Scanner. For many years I used the BartPE tools to build bootable Windows CDs/DVDs to perform McAfee A/V scans. I got tired of BSODs caused by missing or incorrect drivers. So – I built a better malware fighting tool based on Linux.

As an emergency incident responder, I quite often encounter malware that is so pervasive there is no efficient way to eradicate it with the host Windows OS running. Scanning in Safe Mode usually doesn’t work in these situations either. With the MCLSP you can create a live Ubuntu ISO that will boot a Windows host into Linux and automatically scan all FAT/NTFS volumes for malware. Windows is nowhere to be found.
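The scan-all-FAT/NTFS-volumes step described above, as an added example of the offline-scan logic and not the MCLSP project’s own script: it selects FAT/NTFS partitions from `lsblk -rno NAME,FSTYPE` output, mounts each one read-only so the scan cannot modify the Windows volume, and hands the mount point to the scanner. The scanner binary name `uvscan` and the mount point layout under `/mnt` are assumptions; the `lsblk` sample is constructed.

```shell
#!/bin/sh
# Added example (not part of MCLSP): pick out FAT/NTFS volumes for an offline
# scan from `lsblk -rno NAME,FSTYPE` output and mount each one read-only.

# Constructed sample of `lsblk -rno NAME,FSTYPE` output for a Windows disk
# (sda), a Linux disk (sdb) and the live medium (sr0). Real runs pipe lsblk.
SAMPLE_LSBLK='sda
sda1 ntfs
sda2 ntfs
sda3 vfat
sdb
sdb1 ext4
sr0 iso9660'

# fat_ntfs_devices: read "NAME FSTYPE" lines on stdin and print the /dev path
# of every partition whose filesystem is FAT or NTFS. Whole disks (no FSTYPE)
# and non-Windows filesystems are skipped.
fat_ntfs_devices() {
    while read -r name fstype; do
        case "$fstype" in
            vfat|fat|ntfs|ntfs3) printf '/dev/%s\n' "$name" ;;
        esac
    done
}

# SCANNER is assumed to be the McAfee command line scanner binary (uvscan);
# its command line options are not shown here, see the MCLSP docs for those.
SCANNER="${SCANNER:-uvscan}"

# scan_volume: mount one volume read-only and noexec (so nothing on the
# suspect volume can run and the scan cannot alter it), scan it, unmount.
scan_volume() {
    dev="$1"
    mnt="/mnt/scan_$(basename "$dev")"   # assumed mount point layout
    mkdir -p "$mnt"
    if mount -o ro,noexec "$dev" "$mnt"; then
        "$SCANNER" "$mnt"
        umount "$mnt"
    else
        echo "could not mount $dev read-only, skipping" >&2
    fi
}

# main: enumerate the real block devices and scan every FAT/NTFS volume.
main() {
    lsblk -rno NAME,FSTYPE | fat_ntfs_devices | while read -r dev; do
        scan_volume "$dev"
    done
}

# Run the scan only when invoked as `./scan_volumes.sh --run` (as root);
# sourcing the file just defines the functions.
[ "${1:-}" = "--run" ] && main
```

Mounting with `ro,noexec` is the important defensive choice: the live environment must never write to the compromised volume, both to keep evidence intact and to avoid the scanner tripping over a dirty NTFS journal.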

I have written extensive documentation for Linux pros and newbies alike. You can download the tool and the docs on the Free Tools page.

Remember – the correct way to remediate a compromised computer is to re-image. When that is not feasible – consider a thorough A/V scan using this tool. Please let me know how the tool works for you and what improvements you would like to see.

How ironic is it that you need Linux to correctly remediate a compromised Windows box?

NOTE: This project is not affiliated with McAfee. It respects all licenses, trademarks, copyrights, patents, and intellectual property of McAfee, Inc. of Santa Clara, CA. You are expected to do the same.


You are currently browsing The Malware Hunters blog archives for February, 2011.