This is Chris Pogue's Typepad Profile.
Chris Pogue
Recent Activity
There are numerous ways to determine what change was made to the file; in my opinion, that's the easy part. Diff, strings, hash values, sfc, etc. I think the real challenge is not in the identification of the modification, but in the detection of the single file that was modified. As I pointed out in the post, what I still think is the real meat of the issue is how to tell. How can you tell if a legitimate Windows process has become weaponized? Again, I think the best way to even get to the point where you can employ something like SFC is through live analysis and correlation of data points. Great point! Thanks for bringing that up! Chris
Chris Pogue is now following The Typepad Team
Nov 18, 2010