Apparently the bug is just for SMB v2 and you can disabled SMB v2 if you are not using it.

More info. on

http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

VJ

For more info

http://g-laurent.blogspot.com/

Looks like a Metasploit module will be added soon for this bug.

http://isc.sans.org/diary.html?storyid=7093&rss

Stay tuned

I think being most expensive and have a team of lawyers to defend it does not make it the best. Yes, agreed it is one of the better commercial collections of tools which can do some reliable point and click stuff.

Also, as you said  "but in litigation, tools used to always get questioned in terms of repeatability and procedure. " So if you can demonstrate repeatability and procedure with a tool in courts you dont need a team of expensive lawyers to defend it

the final point being it is very easy to use and Hex editor and modify the partition table just enough to make that expensive toold not be able to seee or read any data on the image or hard drive.

VJ

Unfortunately,

I have to disagree with the last post. I think Forensics is an Art and requires some level of skills and lots of dirty work to get it right. And, if any of the expensive tools could do that the Forensics investigators wouldn't be paid so much.

And every person would be a Forensic Expert.

I know the best in the business use the combination of Commercial and open source tools for their work, often writing new ones to suit the case they are working on.

Just my 0.00002 cents

VJ

Thanks Don for posting this and thanks Steve for beating me on the reply .. I bet Google works better on the west coast . close to source ?  

Well I just wanted to mention that I took the course back in April at SANS 2009 in Orlando, and since then the course is moved to 5 days starting SANS Fire.

The new Day 1 is all about Fuzzing written by Josh Wright.. So I don't think adding a day has slowed the pace down rather added some great stuff...

Hope this helps.. Steve maybe we get can beer when you are in the area

VJ

Congrats dude,  you really deserve it, also, if you are at DEFCON .. give CG hard time frome me .....

Congrats again.

VJ

I am disappointed that Don choose to omit some of the EXTRA CURRICULAR  ACTIVITIES which some of us have visual Evidence, in the review.

Don - Great job,

VJ

And for those of you not in DC area .. they will be streaming the event LIVE

DojoSec Monthly Briefings will be live streaming tonight @

http://stream.dojosec.com/

VJ

If you are in DC area, don't forget its tonight at 6:00 pm.

For all those attending ChicagoCon, I hope to meet you and maybe have a few drinks

Jason - Yes, I will get Don / Apollo  to have a few Ice Teas for you.

VJ

The only advice I can give or given to me when I was appearing before the SANS presentation training was to speak slowly and clearly.


VJ

Larry,

Congrats on your Mentor sessions. I am running one and a coupe of the schedule later this year/next year. If your need help or tips I will be happy to assist you.

VJ

The easiest way as mentioned earlier is Helix and netcat.exe. The netcat is included in Helix distro. For exact commands contact me I would be glad to help you out.

VJ

Its that time of the month again, Yes, If your are in DC metro area, the DojoSec Monthly briefings are schedule for May 7th 6:00 pm. More details can be found at

http://www.dojosec.com/

Its been impressive and for a $1, even if you are not interested in security topics the meal is not bad at all.

Last month they were streaming live, but I am not sure they will do it this month. Any case please refer to the web site for updates.

If you are there please come over and introduce.

VJ

Nicely done Ryan ... hope to see you @ChicagoCon

VJ

Thanks all !! ,,