Daan Raman from NVISO Labs has published a blog post about their new tool, binsnitch.py. You can use this tool to detect unwanted changes to the file system.

Use binsnitch.py to:

  • create a baseline of trusted files for a workstation (golden image) and use it again later on to automatically generate a list of all modifications made to that system (for example caused by rogue executables installed by users, or dropped malware files). The baseline could also be used for other detection purposes later on (e.g., in a whitelist);
  • automatically generate hashes of executables in a certain directory (and its subdirectories);
  • carefully track which files are touched by malware during live malware analysis.
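The three use cases above all rest on one technique: hash every executable under a directory tree once to produce a baseline, then hash again later and diff the two sets. The script below is an added example of that technique written for this page; it is not binsnitch.py or any NVISO code, and the `.exe`/`.dll` filter, the JSON baseline format and the constructed sample tree in a temporary directory are this example's own assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# File-integrity baseline: hash executables under a tree, store the result,
# and later diff a fresh scan against it to list added/removed/modified files.

def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, extensions=None):
    """Map relative path -> SHA-256 for every file under root (recursively).

    extensions: optional set of lowercase suffixes (e.g. {".exe", ".dll"}) to track;
    None means track every file.
    """
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        if extensions and p.suffix.lower() not in extensions:
            continue
        # Relative POSIX-style keys keep the baseline portable across machines.
        baseline[p.relative_to(root).as_posix()] = hash_file(p)
    return baseline

def save_baseline(baseline, path):
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))

def load_baseline(path):
    return json.loads(Path(path).read_text())

def compare_baseline(old, new):
    """Diff two baselines. Returns sorted lists of added, removed and modified paths."""
    old_keys, new_keys = set(old), set(new)
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": sorted(k for k in old_keys & new_keys if old[k] != new[k]),
    }

def demo():
    """Constructed end-to-end run: golden image, simulated changes, diff."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        # Constructed sample executables; contents are placeholder bytes, not real PE files.
        (root / "bin" / "tool.exe").write_bytes(b"MZ original")
        (root / "bin" / "lib.dll").write_bytes(b"MZ lib")
        (root / "notes.txt").write_bytes(b"not tracked")  # filtered out by extension

        tracked = {".exe", ".dll"}
        golden_path = root / "golden.json"
        save_baseline(build_baseline(root, tracked), golden_path)

        # Simulate what a later scan might find: one binary patched,
        # one removed, one new file dropped at the top level.
        (root / "bin" / "tool.exe").write_bytes(b"MZ patched")
        (root / "bin" / "lib.dll").unlink()
        (root / "dropped.exe").write_bytes(b"MZ new")

        return compare_baseline(load_baseline(golden_path), build_baseline(root, tracked))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the golden baseline should be stored off the monitored host (or at least read-only), since an attacker who can rewrite the baseline alongside the binaries defeats the comparison; the diff output is what you would feed into an alert or whitelist review.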