Every now and then, I get contacted by someone who tells me that they used the open source tools I’ve released in either a college course they took, or in a course provided by one of the many training vendors in the industry. I even once responded to an incident for a large energy sector organization, and while I was orienting myself to the incident, I looked over one of their analyst’s shoulders and recognized the output of the tool they were using…it was one of mine.
What I’ve seen pretty consistently throughout my time in the industry is that once tools are known, people begin downloading them and including them in their distros/toolsets, and some even add them to training courses (colleges, LE, the federal gov’t, private sector, etc.). However, they do so without ever truly understanding the nature of the tool, how and why it was designed, or what problem it was intended to solve. Further, they rarely (to my knowledge) contact the author to understand what went into the development of the tool, or how the tool was intended to be used. For training courses in particular, those providing the materials and instruction do so without fully understanding how the tool author conducts their own investigations, and therefore how the open source tool fits into their overall investigative process. As a result, the instruction around that tool is often a shadow of how the tool was intended to be used; what you’re getting in these training courses is the instructor’s perception of how the tool can be used.
I’ve blogged a couple of times regarding various distros of tools that include RegRipper; for examp
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from Windows Incident Response