Harlan Carvey – WindowsTechs.com

A Minimal LNK

Posted on March 21, 2019 by Harlan Carvey

Yeah, so I’ve written about LNK files before, but I wanted to take it a step further and explore just how much of the specification is required for a functioning LNK file.Step 1I used VBS to create a “bare-bones” LNK to run calc.exe. I like to ha… Continue reading A Minimal LNK→

Book Writing Misconceptions

Posted on March 5, 2019 by Harlan Carvey

You have to admit, our industry is fraught with misconceptions. Misconceptions and misunderstandings about business practices, about what things should be versus what they really are, about what some data represents, misconceptions about how many… Continue reading Book Writing Misconceptions→

LNK Files

Posted on February 24, 2019 by Harlan Carvey

Update, 28 Feb: Just a quick note…this post is not about tools. I do not mention any tools in the post, and the content isn’t about one tool being better than another. I do mention using a hex editor, but that is simply to verify finds from whi… Continue reading LNK Files→

Tribe of Hacker Responses

Posted on February 23, 2019 by Harlan Carvey

When I shared my review of Marcus and Jennifer’s Tribe of Hackers, I suggested to the reader that there was value in responding the questions themselves. In this post, I’m sharing my first swag at my own responses to Marcus’s questions.1. If ther… Continue reading Tribe of Hacker Responses→

Aperture

Posted on February 22, 2019 by Harlan Carvey

If you follow me on Twitter or LinkedIn, you will very likely have seen me mention “aperture” more than a few times. My use of the term has been in reference to digital analysis work (DFIR), as well as to the production and use of threat intellig… Continue reading Aperture→

Review: Tribe of Hackers

Posted on February 7, 2019 by Harlan Carvey

I’m not a hacker. Yes, I’m intensely curious about technology, and in particular, computing. However, I don’t consider myself a “hacker”, in the sense that the term began to be used in the mid- to late-’90s. That is, the term was co-o… Continue reading Review: Tribe of Hackers→

Data Points And Analysis

Posted on February 5, 2019 by Harlan Carvey

In DFIR and “threat intel” analysis, very often individual data points are dismissed out of hand, as they are thought to be easily mutable. We see it all the time, don’t we? We find a data point, and instead of just adding it to our picture of th… Continue reading Data Points And Analysis→

RegRipper

Posted on January 30, 2019 by Harlan Carvey

I recently tweeted that, as far as I’m aware, Nuix’s Workstation/Investigator product is the only commercial product that incorporates RegRipper, or RegRipper-like functionality.Brian responded to the tweet that both OSForensics and OpenText include th… Continue reading RegRipper→

Just For Fun…

Posted on January 15, 2019 by Harlan Carvey

OS/2Warp running in VirtualBoxWhen I started graduate school in June 1994, I showed up having used Win3.1 and AOL for dial-up. While in grad school, I began using Sparc systems running SunOS (web browser was Netscape), which is what was available… Continue reading Just For Fun…→

A Tale of Two Analyses

Posted on January 9, 2019 by Harlan Carvey

I recently shared my findings from an analysis challenge that Ali posted, and after publishing my post, found out that Adam had also shared his findings. Looking at both posts, it’s clear that there are two different approaches, and as I read thr… Continue reading A Tale of Two Analyses→