Brian Baskin

icon indicating a website link http://www.ghettoforensics.com icon indicating an email [email protected]

icon location Maryland icon location Malware analysis, reverse engineering, forensics, incident response person Almost all of my code is specific to these branches for whatever tasks I required.

Results 26 comments of Brian Baskin

Remove base directory from File Activity

Over a bottle of vodka, I finally realized what I was playing at. "[CreateFolder] Explorer.exe:199 > C:\malware" "[CreateFolder] Explorer.exe:199 > C:\malware" "[CreateFolder] Explorer.exe:199 > C:\malware" "[CreateFolder] Explorer.exe:199 > C:\malware" So...

question regarding procmon.pmc configuration file name and extenstion

I've kept the ProcmonConfiguration.PMC name because that's what SysInternals has always referred to it as. I don't want people to think that this is using an entirely new file format...

Exiting with error code: 8: Error creating PML

Does the PML file actually exist? This comes up only if Procmon ran and terminated without creating the output file. If this happens you could try running Procmon manually in...

hashlist and csv creation issues

Thank you! The CSV change was a bug in a recent update. The update had meant to only change the csv reading method for the event file, but not for...

hashlist and csv creation issues

Please reopen if there is more to add. Thanks!

Unresolved dependency on Systen.Net.Http

To add a data point here, I had the same issues as the originator. Though it told me I needed to install 4.8.0, which I did, then continued to do...