SANS Digital Forensics and Incident Response Blog: Author - chrisu

DensityScout can handle multi-byte characters, now!

Due to a bug-report regarding issues when using DensityScout with filenames/paths including multi-byte characters I compiled and uploaded a new build which is now capable of handling this cases correctly. I strongly recommend switching to this new build as soon as possible. Get it from: Cheers, Christian Continue reading DensityScout can handle multi-byte characters, now!

Update for DensityScout

There's a new build of DensityScout available ( For the new build a scenario has been addressed where DensityScout could start to hang/loop during file computation. Happy DensityScout-ing ... Christian Continue reading Update for DensityScout

ProcDOT - Visual Malware Analysis

Dear like-minded people, I'm very proud to announce that our ( - CERT Austria) latest contribution to the malware analysis community is finally available as open beta. It's called ProcDOT - I already gave a preview of the alpha version some months ago at SANS Forensics Summit in Prague - and it is an absolute … Continue reading ProcDOT - Visual Malware Analysis

Finding (unknown) malware with DensityScout ...

Introduction The latest REMnux version has a new tool on board that's an completely unknown to you: "DensityScout". This article reveals all that you need to know to understand where and how this tool can save you hours of your precious time. NOTE: This article addresses build 42 of this tool. At the time of … Continue reading Finding (unknown) malware with DensityScout ...