Where to start…I recently retired from 14 years in commercial construction to attend college, something I wish I had done 15, 16…umm…17 years ago, but whaddaya gonna do? I am pursuing a Computer Science major, with a minor in Criminal Justice.
So why my interest in forensics? Basically, I like looking for needles in haystacks (although I have a tendency to just burn the haystack), and I like puzzles. My current base of experience with forensics is in the realm of malware removal and analysis. I volunteer a ton of time on other forums helping people rid their systems of adware and spyware, and quite enjoy the challenge. While not forensics in the same sense of which most of you are probably involved, it has given me an opportunity to learn where things hide, and how OSs can be exploited for fun and profit (not by me, but by greedy, sleezy, advertisers).
This summer, I intend to hold seminars for home users for the purpose of protecting their home systems from being exploited…it should be fun. When I finish with school, my intention is to freelance as a consultant for local attorneys and local law enforcement.
In school, I have emphasized operating systems and Java programming, so hopefully I will be able to custom-create some of my own tools, although calling myself any kind of a programmer would be generous to say the least.
And beyond that, I am here just simply to learn. 🙂
Welcome,
I would think you could hire yourself out for the removal of spyware alone. That is a challenge to say the least.
Hi groovicus,
One 'hot topic' in the Forensic Computing arena is the 'Trojan Defence'. With your background, (perhaps) this is something you could look at and discuss in the future.
Regards
Andy
P.S. I second Greg, and say Welcome
I am always willing to share any knowledge I may have. As far as trojan defense, my theory is to have layered protection. Unfortunately, that also means a little hit in functionality in some cases.
If you are talking about Trojans in the classic sense (and I assume that you know how a trojan is classified), a lot of what we seem to be dealing with these days are applications that masquerade as Browser Enhancers, which, once installed, download a bunch of tracking software and other garbage that takes a good deal of time, and a good deal of cursing, to remove. The common user is defenseless.
Some of the other things we see are popups that, when you click to close them, actually install hijackers. Malware using alternate data streams came into fashion this summer, and attached itself to critical system files, so we had a bit of a scramble learning how to delete those without deleting the file it was attached to. One of the most recent ones involves modifying and attaching itself to explorer.exe. It's not too hard to remove, but I think when critical files are altered, then they have stepped over the line from merely annoying to criminal. Time will tell though.
In case you haven't noticed, I get a little long-winded from time to time. Is it against board rules to include links to a couple of the forums I help on? We are always happy to look over systems for people, and we have a great group of volunteers. 🙂
The 'Trojan defense' Andy is talking about is where the suspect claims 'I didn't do it…it must be a virus/trojan'…
The best defense is where you claim that all suspect activity was carried out by an unknown virus that deleted itself!