Your book is awesome. However, i cannot get to your site because the domain blogspot is blocked. Any other URL’s or if its ok with Mr Roth, can you post more here?

Thanks

JM

Drop me a line if you’d like to see the code…

Harlan
keydet89 at yahoo dot com

I appreciate the shout-out.

Yes, I do all my stuff in Perl…thanks to you! I’m working on some WMI stuff for SysAdmin work, I have some cool WDM stuff that has to do with wireless on managed systems.

Some of the stuff I’ve been working on involves parsing binary file formats in a platform-independant manner…using “V” and “v” in my unpack() strings to force little-endianness…stuff has worked on Linux, as well as on MacOSX, both x86 and PPC platforms. This pertains to RAM dumps (using dd, or VMWare .vmem files), raw Registry files, etc.

I posted a couple modules on CPAN as well. One parses PE file headers in a binary format, bypassing the MS API. The same is true with pre-Vista Event Logs. There’s also a module for pulling metadata from Word docs, using both binary file formats, and OLE storage mechanisms.

I’m always looking for ways to make my job as a forensic analyst easier…