Frequency analysis is a powerful tool in a variety of disciplines, including cryptanalysis, digital forensics and incident response. I may have first heard of its application to DFIR from Rob Lee, who was working for Mandiant at that time. Peter Silberman, also of Mandiant, touched on the benefits of "least frequency analysis" here. Harlan Carvey has discussed the concept as well. I blogged about using the technique a few years back and, coming full circle, Mandiant has expanded on the concept in their excellent data stacking post.
If you're working at scale and collecting large amounts of host-level data in files of comma-, tab- or other single-character-separated values, I've written a PowerShell script, Get-Stakrank, which you may find useful for analysis. The idea is simple: pick a column (a path, a hash, a service name), count how many hosts each distinct value appears on, and look hardest at the values that appear least often, since an attacker's persistence mechanism is rarely present on every machine in the enterprise. I've written up a use-case scenario in the readme.md file in the GitHub repo for the project.
I intend to build a similar script for working with XML data, as there are some common tools that produce XML output.
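As an added illustration of the stacking technique (example code written for this page, not the author's Get-Stakrank script): it parses comma- or tab-separated host records with a header row, counts on how many distinct hosts each value of a chosen column appears, ranks least-frequent first, and case-folds values so that path spellings that differ only in case stack together. The host names, registry keys, paths and hash strings in the sample are constructed for the example, as are the function names.

```python
"""Least frequency analysis ("stacking") over delimited host data.

Added illustration for this post; it is not the author's Get-Stakrank script.
"""
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the shape of autoruns-style output gathered from four
# hosts. Hosts, paths and hash values are made up for this example.
SAMPLE_CSV = r"""host,entry,image_path,md5
ws01,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\windows\system32\userinit.exe,md5-a
ws02,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,C:\Windows\System32\userinit.exe,md5-a
ws03,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\windows\system32\userinit.exe,md5-a
ws04,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\windows\system32\userinit.exe,md5-a
ws01,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\program files\vendor\agent.exe,md5-b
ws02,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\program files\vendor\agent.exe,md5-b
ws03,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\program files\vendor\agent.exe,md5-b
ws04,HKLM\Software\Microsoft\Windows\CurrentVersion\Run,c:\program files\vendor\agent.exe,md5-c
ws03,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,c:\users\jdoe\appdata\local\temp\svchost.exe,md5-d
"""


def parse_records(text, delimiter=","):
    """Parse delimited text (comma, tab, ...) with a header row into dicts."""
    return list(csv.DictReader(io.StringIO(text), delimiter=delimiter))


def normalize(value):
    """Fold case and whitespace so 'C:\\Windows' and 'c:\\windows' stack together."""
    return value.strip().lower()


def stack(records, field, host_field="host", normalizer=normalize):
    """Group records by `field`, counting distinct hosts and raw occurrences.

    Returns a list of (value, host_count, occurrences, hosts), least frequent
    first; ties are broken by occurrence count, then by value.
    """
    hosts = defaultdict(set)
    occurrences = Counter()
    for rec in records:
        key = normalizer(rec[field])
        hosts[key].add(rec[host_field])
        occurrences[key] += 1
    rows = [(k, len(h), occurrences[k], sorted(h)) for k, h in hosts.items()]
    rows.sort(key=lambda r: (r[1], r[2], r[0]))
    return rows


def rank(text, field, delimiter=",", max_hosts=None):
    """Stack `field` and optionally keep only values seen on <= max_hosts hosts."""
    rows = stack(parse_records(text, delimiter), field)
    if max_hosts is not None:
        rows = [r for r in rows if r[1] <= max_hosts]
    return rows


def pivot(records, field, value, normalizer=normalize):
    """Return the full records carrying a stacked value, for follow-up triage."""
    return [r for r in records if normalizer(r[field]) == value]


if __name__ == "__main__":
    for field in ("image_path", "md5"):
        print(f"\n== stacked on {field} ==")
        for value, n_hosts, n_occ, on in rank(SAMPLE_CSV, field):
            print(f"{n_hosts:>3} host(s) {n_occ:>3} occurrence(s)  {value}  {','.join(on)}")
```

Stacking on image_path surfaces the lone svchost.exe under a user's temp directory; stacking on md5 additionally shows that one host runs agent.exe with a hash no other host has, which the path column alone would hide. Counting distinct hosts rather than raw rows matters because a value repeated many times on a single machine is still an outlier across the fleet.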
Sunday, December 29, 2013