News
Recent Talks
Forensics Impact of Vista Event Logging — What You Need to Know
Monday May 7 — Technical Lecture 1
10:30 a.m. - 11:30 a.m.
Presented By Rich Murphey
Computer and Enterprise Investigations Conference 2007.
Dr. Murphey presented a technical talk about how event logging has changed with Windows Vista and what this will mean for forensic analysis at the Computer and Enterprise Investigations Conference 2007.
Event logging in Windows Vista is quite different both in the way events are stored on disk and in the way applications use them. Vista uses a new encoding of event records that lends itself to much broader flexibility for searching events. This encoding has a direct impact on forensic examination of event logs, which this presentation will discuss. The impact of the new application programming interface (API) is no less important. A primary role of the event log is support for debugging and technical support; such debugging information, in turn, provides significant value to forensic analysis where it leaves chronological traces of user activity. The new API offers far more dependable and detailed capabilities for monitoring. To the degree that this API motivates more pervasive debugging information, Vista event logs may provide greater capability to reconstruct timelines of user activity. During the presentation, sample Vista logs will be examined from a forensics perspective. Finally, the impact of these issues on relevant forensic tools will be explored.
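As an added illustration of the searchability the abstract refers to (this is not code from the talk or from White Oak Labs), the script below opens an exported Vista-format .evtx file through the Windows Event Log API that PowerShell's Get-WinEvent wraps, has the log service filter records by time window and event ID, pulls the per-event fields out of each record's XML, and writes a sorted logon timeline. The file path, the time window, the output path and the chosen event IDs (4624 logon, 4634 logoff on Vista and later) are assumptions for the example.

```powershell
# Added example, not code from the talk or from White Oak Labs.
# Assumed inputs: an exported Security.evtx, a one-week window, logon/logoff IDs.
$LogFile   = 'C:\cases\example\Security.evtx'          # assumed exported log
$OutFile   = 'C:\cases\example\logon-timeline.csv'     # assumed output path
$StartTime = [datetime]'2007-05-01T00:00:00'
$EndTime   = [datetime]'2007-05-08T00:00:00'
$LogonIds  = 4624, 4634                                # Vista logon / logoff

# The hashtable is turned into a structured query against the binary-XML
# records, so time and ID filtering happen in the event log service rather
# than by reading every record into the script.
$events = Get-WinEvent -ErrorAction Stop -FilterHashtable @{
    Path      = $LogFile
    Id        = $LogonIds
    StartTime = $StartTime
    EndTime   = $EndTime
}

# Each record carries its full XML; the <EventData> children are named, so
# the account and logon type can be read directly instead of parsed out of
# the rendered message string.
$timeline = foreach ($e in $events) {
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        TimeCreatedUtc = $e.TimeCreated.ToUniversalTime().ToString('o')
        RecordId       = $e.RecordId
        EventId        = $e.Id
        Provider       = $e.ProviderName
        Account        = $data['TargetUserName']
        LogonType      = $data['LogonType']
    }
}

$timeline | Sort-Object TimeCreatedUtc |
    Export-Csv -NoTypeInformation -Path $OutFile

# The same query through the built-in command-line tool, which uses the same
# API; /lf:true says the first argument is a file rather than a channel name:
#   wevtutil qe $LogFile /lf:true /f:xml `
#       /q:"*[System[(EventID=4624 or EventID=4634)]]"
```

The XPath form shown in the trailing comment is what the new record encoding makes possible: the query is evaluated over the structured `<System>` and `<EventData>` elements of each record, which the older .evt format did not expose to the query engine. Whichever form is used, keep the exported .evtx read-only and record its hash before querying it.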
Recent Press
Dr. Murphey was quoted and White Oak Labs was mentioned in a May 2003 feature article in Information Security Magazine discussing the caveats of evaluating and purchasing information security software.
"Ask for a copy of the software or a live demo in your environment to see how hard it is to install," says Dr. Rich Murphey, CEO and chief scientist for security provider White Oak Labs and the former principal architect at NetIQ. "If they tell you they need to send out a team of three people who will take a week to install it, that's a bad sign."
Recent Invited Presentations
Intrusion Prevention Techniques on Windows and Unix,
Dr. Rich Murphey, DEF CON 11, August 3, 2003
What exactly is intrusion prevention, and why should we care? This talk surveys the common features of intrusion prevention systems, which are largely constrained by the architectural layering of the Windows and Unix kernels. We then look at a case study of intrusion prevention and discuss how it differs from IDS, firewalls, antivirus, and other controls.
Recent Publications
- Hardening Unix: End to End and Gap Analysis, Infragard Houston 2, Oct 15, 2002.
- Hardening FreeBSD: Tips and Tricks, 2600 Club, Sept. 6, 2002.
- How to Lock Down Your FreeBSD Install, BlackHat 6, August 1, 2002.
- FreeBSD Exploits and Remedies, DefCon 10, August 2, 2002.
Recent additions to our web site are listed here. If you've visited us before and want to know what has changed, look here first.
Advice or comments regarding the site are most welcome! Please send them to webmaster@whiteoaklabs.com