4n6 Week 34 – 2024 - FORENSIC ANALYSIS
This entry shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that readers can skim the list and pick the articles they want to check. 4n6 itself can be found here.
FORENSIC ANALYSIS
0xdf hacks stuff
ctf htb-sherlock hackthebox forensics sherlock-reaper dfir ntml net-ntlmv2 ntlmrelayx ntlm-relay win-event-4624 win-event-5140 pcap wireshark llmnr jq evtx-dump Aug 22, 2024 HTB Sherlock: Reaper Reaper is the investigation of an NTLM relay attack. The attacker works from within the network to poison an LLMNR response when a victim has a typo in the host in a share path. This results in the victim authenticating to the attacker, who relays the authentication to another workstation to get access t...
Cellebrite
Cyber Triage
Digital Forensics Myanmar
eCDFP (Module-6) (Windows Forensics) (Part - 7) August 20, 2024 The Windows Search Indexer has been included since Windows Vista so that files, folders, emails and programs can be found quickly on Windows. Apart from Windows Server, it is enabled by default on the other commonly used Windows editions. From Windows Server 2008 through 2022 the indexing scheme is the same. On Windows Server it is disabled by default. Windows Search Inde...
eCDFP (Module-6) (Windows Forensics) (Part - 8) August 21, 2024 Prefetch File Forensics Starting with Windows XP, Prefetch files have been used to shorten Windows boot time and application/process loading time, in other words to improve Windows performance. For the applications on storage that are being run, the Windows Cache Manager handles the first 2 minutes of boot time and the startup applications...
eCDFP (Module-6) (Windows Forensics) (Part - 9) August 23, 2024 Application Compatibility lets old applications, or certain applications, run on newer versions of Windows. AppCompatCache (ShimCache) records in the ShimCache every application/script file that is visible in Windows Explorer so that it can be run despite compatibility issues. Shim Cache Loc...
Forensafe
23/08/2024 Friday The Adidas Runtastic app is a sports application that offers various features for tracking athletic activities. It helps users monitor their sports and fitness goals, including running sessions and more. According to the application's page on the Google Play Store, over 170 million people use Adidas Running to track more than 90 sports and activities. Digital Forensics Value of Android Adidas Runtastic In mobile forensics, GPS and location artifacts are vital for investigation...
Joshua Hickman at ‘The Binary Hick’
Not All Androids Who Wonder Are Lost. A Look At Android’s Find My Device Network
Katherine Nayan
Android Forensics: APK Downgrades - An Introduction 19 Aug 2024 5 minutes Hello! Welcome to my first post 🫣! Throughout college, I didn’t get to work on personal projects as much as I wanted to but now that I’ve graduated, I get to dive deeper into the world of digital forensics on my own time. This is a personal project that I started around May 2024 and this blog post serves as an introduction to my series: Android Forensics: APK Downgrades. My main motivation for doing this is making sure I c...
Mike at ØSecurity
Mike Aug 21, 2024 • 7 min read Let’s set some background first. Back in Windows XP and prior, the mere existence of AppCompatCache (aka Shimcache) could be used to prove execution. A program wasn’t shimmed unless it was actually executed. This changed in Windows 7, 8, and 8.1 (presumably Vista as well, but nobody used it) where a program could be shimmed due to multiple reasons, such as just viewing it in file explorer. However, there was an additional Insert Flag that, with a specific value, cou...
AbdulRhman Alfaifi at u0041
On Windows 11, Notepad stores a cache of recently opened files. This cache contains valuable information, such as file paths, file contents, and other useful data. In this article, we will examine the structure of the Notepad cache and provide a custom parser to extract this information for forensic investigations. AbdulRhman Alfaifi 18 Aug 2024 Hi 👋, In this blog post, I’ll be exploring a relatively new artifact in Windows 11. This artifact is related to the Notepad application and contains inf...
4n6 Week 34 – 2024 - UPCOMING EVENTS
UPCOMING EVENTS
Archan Choudhury at BlackPerl
YouTube video
Belkasoft
Belkasoft team is happy to announce our fifth online DFIR conference. We invite you to share your expertise on digital forensics and incident response with your colleagues from all over the world. We welcome proposals from digital forensic experts, incident responders, students and examiners. Your presentation should focus on the current and challenging topics in the industry and should last about 15-20 minutes. The submission deadline is September 24, 2024. The conference starts on October 21. ...
Black Hills Information Security
YouTube video
Magnet Forensics
Both iOS and Android capture amazing details on which applications are considered “In Focus” over time. These pattern-of-life artifacts are often highly sought after but can raise a lot of additional questions. Can we tell what the user did inside that application? Can we tell how they got to that application and where they went next? In this episode of Mobile Unpacked, we’ll break down the artifacts used to determine which applications are considered “In Focus” in iOS and Android and he...
Medex Forensics
Paraben Corporation
YouTube video
Recorded Future
Wednesday, August 28th, 1pm ET There are 1,000s of threat actors ranging from ransomware groups, initial access brokers, hacktivists, fraudsters and many more. Ensuring you have visibility into the threat actors showing an intent and capability to target your organization is essential for getting ahead of present and future threats. In this live demo Recorded Future experts will help you understand how Recorded Future can be used to provide a structured, repeatable method for identifying and pri...
Justin Vaicaro at TrustedSec
The Hunter’s Workshop: Mastering the Essentials of Threat Hunting August 22, 2024 Written by Justin Vaicaro Threat Hunting As an incident unfolds, skilled threat hunters with a special talent for uncovering hidden threats stand at the ready. These hunters smoke jump into the chaos and meticulously sift through network logs and endpoint telemetry, hunting for elusive threat actors' digital fingerprints. With unwavering determinatio...
4n6 Week 34 – 2024 - PRESENTATIONS/PODCASTS
PRESENTATIONS/PODCASTS
Adversary Universe Podcast
FAMOUS CHOLLIMA, a new adversary CrowdStrike is tracking, has recently made headlines for its insider threat activity. In April 2024, CrowdStrike Services responded to the first of several incidents in which FAMOUS CHOLLIMA threat actors targeted 30+ US-based companies. The insiders claimed to be US residents and were hired for remote IT positions, which granted them access they exploited to attempt data exfiltration, install malware and conduct other malicious activity. CrowdStrike ...
Black Hat
YouTube video
Black Hills Information Security
YouTube video
Breaking Badness
Cellebrite
YouTube video
Clint Marsden at the TLP – Digital Forensics Podcast
Cloud Security Podcast by Google
- EP186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim
Guest: A debate between Tim and Anton, no guests. Topics: Cloud Posture and Hygiene; Cloud Security Practices. 29:29. Topics covered: You must buy the majority of cloud security tools from a cloud provider, here is why. You must buy the majority of cloud security tools from a 3rd party security vendor, here is why. Resources: A blog post based on this episode: "The Great Cloud Security Debate: CSP vs. Third-Party Security Tools"; EP7...
Cyber Social Hub
YouTube video
Gerald Auger at Simply Cyber
YouTube video
YouTube video
YouTube video
Huntress
YouTube video
InfoSec_Bret
YouTube video
Intel471
Aug 19, 2024 In 2006, a new type of malware appeared on the scene. Its name was Zeus. It was enormously profitable for its cybercriminal developers, who used it to steal tens of millions of dollars from businesses and organizations of all sizes. Those behind the scheme had honed a new model: cybercrime-as-a-service, where individuals focus on their specialities – creating malware, employing money mules, acting as system administrators. Zeus frustrated victims and left some in ruins. It defeated...
John Hammond
YouTube video
Magnet Forensics
Mobile devices have become engrained in our daily lives, so when someone commits a crime, mobile data is almost always a critical source of evidence. Magnet Forensics offers a range of solutions for mobile investigations to provide you with all of the tools necessary to conduct thorough and efficient forensic examination of iOS and Android devices. Join Jay Varda as he delves into how Magnet Forensics solutions like Magnet Graykey, Magnet Graykey Fastrak, Magnet Axiom, and Magnet Automate can be...
As the complexity and volume of data in digital investigations continues to rise, and accessing remote endpoints remains a challenge, it’s never been more important to streamline and simplify your investigations. Join Jeff Rutherford, Forensic Consultant, and Andrea Hruska, Senior Product Marketing Manager, as they provide an overview of Magnet Axiom Cyber’s key functionality and features. Register now to learn how Axiom Cyber simplifies: On and Off-network Remote Collection: Conduct reliable co...
MSAB
YouTube video
MyDFIR
YouTube video
YouTube video
Paraben Corporation
YouTube video
Sandfly Security
YouTube video
SANS
Alison Kim A Visual Summary of SANS DFIR Summit 2024 Check out these graphic recordings created in real-time throughout the event for SANS DFIR Summit 2024 August 22, 2024 On August 22-23, attendees in Salt Lake City, Utah and thousands from around the globe tuned in for the SANS DFIR Summit. Top practitioners and global experts shared actionable ideas, methods, and techniques to overcome obstacles, discover the latest open-source forensic tools, and connect with leading DFIR professionals. We in...
Security Conversations
SnapAttack
YouTube video
The Microsoft Security Insights Show
Microsoft Security Insights Show Episode 223 - Hatim Othman (www.microsoftsecurityinsights.com), audio, 1:00:53
4n6 Week 34 – 2024 - MALWARE
MALWARE
Anchored Narratives
Reversing DISGOMOJI with Malcat like a BOSS: a review of a binary analysis platform for threat analysts and reversers. RJM, Aug 18, 2024 (anchorednarratives.substack.com). Cover: BOSS is an Indian-based Linux distribution used by the Indian government. Disclaimer: The views, methods, and opinions expressed at Anchored Narratives are the author’s and do n...
Any.Run
August 20, 2024 3 min read New ValleyRAT Campaign Spotted with Advanced Techniques A sophisticated campaign is targeting Chinese-speaking users, distributing a malware known as ValleyRAT. What’s happening? There’s a new c...
Dr Josh Stroschein – The Cyber Yeti
YouTube video
YouTube video
Patrick Wardle at Objective-See
Analyzing crash reports reveals malware, bugs, & much more! by: Patrick Wardle / August 13, 2024 The Objective-See Foundation is supported by: Jamf Kandji 1Password CleanMyMac X Palo Alto Networks Malwarebytes iVerify Huntress This research was originally presented at BlackHat USA. In this blog we touch on some of the main highlights and take aways from the talk. ▪️ Slides: “The Hidden Treasures of Crash Reports” ▪️ In the News: “Computer Crash Reports Are an Untapped Hacker Gold Mine” Backgroun...
Christiaan Beek at Rapid7
Aug 20, 2024 5 min read Christiaan Beek Last updated at Fri, 23 Aug 2024 19:15:44 GMT The sale and purchase of unauthorized access to compromised enterprise networks has become a linchpin for cybercriminal operations, particularly in facilitating ransomware attacks. Underground forums are sharing guidelines on breaching networks and selling the access they obtain, leaving the exploitation to other malicious actors. On underground criminal forums, these transactions allow actors with complementary...
Stephan Berger
22 Aug 2024 Table of Contents Introduction First Stage Second Stage Shellcode Dynamic Analysis Persistence There is moar Introduction To improve my rusty reverse-engineering skills, I’m going to analyze various malware samples that have come up in our incident response cases in loose succession. The first sample belongs to the Fenix botnet (sample here). In this post, we analyze a sophisticated malware infection chain that begins with a user downloading a ZIP file from a Dropbox link and culmina...
Ben Martin at Sucuri
Synacktiv
Written by Théo Letailleur - 18/08/2024 - in CSIRT - Download The LAPSUS$ threat group has been known since 2021 for spear phishing, data theft, and extortion against large companies (e.g., Microsoft, Nvidia, Uber). Although evidence of destruction methods was reported, there was no known use of ransomware. In June 2024, LAPSUS$ announced its closure. However, two months later, a new ransomware called HexaLocker was advertised on Telegram channels. Its "only real" admin and probable...
Mattias Wåhlén and Nicklas Keijser at Truesec
UltimaCybr
More bark, less bite? Posted on August 22, 2024 A new ransomware threat has emerged, targeting Linux systems and written in the Rust programming language. Last week I spotted this post by @MalGamy12 about a new group that had created some ransomware. The group goes by the name Team Akita, with the ransomware dubbed AkitaCrypt. The post by @MalGamy12 is believed to be the first ‘In The Wild’ (ITW) sample available for analysis, uploaded to VirusTotal in early August. Although this is the first t...
VMRay
WeLiveSecurity
ESET analysts dissect a novel phishing method tailored to Android and iOS users Jakub Osmani 20 Aug 2024 • 12 min. read In this blogpost we discuss an uncommon type of phishing campaign targeting mobile users and analyze a case that we observed in the wild that targeted clients of a prominent Czech bank. This technique is noteworthy because it installs a phishing application from a third-party website without the user having to allow third-party app installation. For iOS users, such an action ...
Android malware discovered by ESET Research relays NFC data from victims’ payment cards, via victims’ mobile phones, to the device of a perpetrator waiting at an ATM Lukas Stefanko, Jakub Osmani 22 Aug 2024 • 19 min. read ESET researchers uncovered a crimeware campaign that targeted clients of three Czech banks. The malware used, which we have named NGate, has the unique ability to relay data from victims’ payment cards, via a malicious app installed on their Android devices, to the attacker’s r...
Zhassulan Zhussupov
Malware development: persistence - part 26. Microsoft Edge - part 1. Simple C example. 3 minute read ﷽ Hello, cybersecurity enthusiasts and white hackers! This post came about in preparation for a workshop on Malware Persistence techniques that I teach at various conferences in Europe and Asia. This post shows that interesting persistence methods can be found via Sysinternals Procmon via filters, this is a well-known and popular method, I just want to show it in practice. In my case, everything ...
Ruchna Nigam at ZScaler
Ruchna Nigam - Principal Security Researcher, August 21, 2024 - 17 min read, ThreatLabz Research. Contents: Introduction, Key Takeaways, Overview, Technical Analysis, Conclusion, Zscaler Coverage, Indicators Of Compromise (IOCs). Introduction: Zscaler ThreatLabz recently analyzed a new variant of Copybara, which is an Android malware family that emerged in November 2021. The malware is primarily spread through voice phishing (vishing) attacks, where victims receive instructions over the phone...
4n6 Week 34 – 2024 - MISCELLANEOUS
MISCELLANEOUS
Marco Fontani at Amped
Marco Fontani August 21, 2024 Reading time: 2 min Amped Software co-authored a scientific paper, this time about detecting double encoding in HEIF images. Read the paper, it’s open access! Dear friends, we’re glad to share some good news with you! We’ve just co-authored a paper published in Sensors about the forensic analysis of HEIF files, specifically to detect double HEIC (High-Efficiency Image Coding) compression. Indeed, the HEIF format is becoming ubiquitous thanks to its superior encoding...
Craig Ball at ‘Ball in your Court’
Comment by davidkeithtobin (August 19, 2024 at 11:34 AM): great stuff – and for free! thank you! Pingback: Week 34 – 2024 – This Week In 4n6. Recent Posts: Adapting Requests for Production for AI GLLM Assessment (August 19, 2024); AI D...
Elan at DFIR Diva
Posted on August 21, 2024 by DFIR Diva Events 0 Hi everyone! I partnered with Techno Security & Digital Forensics Conference as an Industry Supporter. The conference takes place September 16th – 18th, 2024 in Pasadena, CA. You can get 10% off registration using code: DFDV24 The conference will feature several educational sessions led by industry professionals and sponsoring/exhibiting companies who will introduce and demonstrate the latest tools, products, and services in the industry. Education...
Forensic Focus
Magnet Forensics Acquires Medex Forensics, Strengthening Video Evidence Integrity
GMDSOFT : MD-VIDEO AI Unveils New Features And Expands Global Reach
Decrypt Data In Air-Gapped Environment With Passware Kit Ultimate
Andrea Lazzarotto, Digital Forensics Consultant and Developer
Next Level In Mobile Data Extraction And Decoding – XRY 10.10.1
Kaido Järvemets at Kaido Järvemets
Automating Arc-Enabled Server Log Collection with Azure Run Command Kaido Järvemets August 21, 2024 Introduction Have you ever found yourself drowning in a sea of server logs, desperately trying to troubleshoot an issue? I’ve been there, wrestling with extension-related problems on my Azure Arc-enabled servers. Each time I reached out to support, they’d ask for logs, and I’d groan at the thought of logging into every single server. But then I had an idea: What if I could create a script that uses ...
Magnet Forensics
While digital evidence is commonly linked to crimes like child exploitation, violent offenses, and cybercrimes, its significance extends to almost every crime, including understanding the complexities of vehicle accidents. A traditional vehicle accident investigation focuses on reconstructing the physical scene and Magnet Axiom adds a crucial new dimension: the digital traffic crash scene. Consider the frequent issue of drivers being distracted by their phones and leading to traffic crashes, or ...
Matt Suiche
Bob and Alice in Kernel-land - Part 2 Aug 23, 2024 · 691 words · 4 minute read It’s been a month since I wrote Part 1 of “Bob and Alice in Kernel-land”. As expected, we saw minimal constructive feedback from vendors, with a few notable exceptions. Sophos provided the most detailed information about their drivers, while CrowdStrike offered valuable insights into their kernel architecture, including the use of Microsoft’s Winsock kernel file transfer. This feature, introduced in Windows Vista+, ...
Medex Forensics
August 19, 2024 To our valued colleagues and customers, We are thrilled to announce that Medex Forensics is now a part of Magnet Forensics, a developer of digital investigation software used globally by public safety organizations and enterprises. Your Medex Forensics team will remain the same, including your primary contacts for support, training, renewals, and general communications. Additionally, there will be no changes to your license and access to the Medex Video Authentication Platform. We...
Karam Abu Hanna at Microsoft’s ‘Security, Compliance, and Identity’ Blog
N00b_H@ck3r
SANS FOR500 (GCFE) vs 13Cubed Investigating Windows Endpoints Posted by lightkunyagami August 18, 2024 2 Comments I am writing this comparison between the FOR500 (GCFE) and 13Cubed Investigating Windows Endpoints based on my experience studying both the study materials and taking their respective certification exams. I sat and passed the GCFE on 8/6/2024: I got certified in Investigating Windows Endpoints on 8/16/2024...
Oxygen Forensics
Jonathan Reed at Security Intelligence
Industrial organizations recently received a report card on their performance regarding data breach costs. And there’s plenty of room for improvement. According to the 2024 IBM Cost of a Data Breach (CODB) report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023. These figures place the industrial sector in third place for breach costs among the 17 industries studied. On average, data breaches cost i...
Teru Yamazaki at Forensicist
2024/08/20 (Tue) - 22:19 NSRLJP_202408 has been released. It adds Windows 11 and 2022 and includes the latest versions of major applications.
Volatility Foundation
The Plugin Contest is straightforward: Create an innovative and useful extension to Volatility 3 and win! 1st place wins one free seat at any future Windows Malware and Memory Forensics Training or 3000 USD cash. 2nd place wins 2000 USD cash. 3rd place wins 1000 USD cash. More information about Volatility 3 can be found here. Contest Results The winners will be announced in a blog post, which will be linked here. Here’s the announcement for last year’s contest winners. Rules of Engagement The...
Passware
August 20, 2024 Product Update Passware Kit Ultimate – Air-Gapped Edition enables investigators to access data from locked mobile devices, computers, encrypted disks, and files – all with a single license, and in environments without Internet access. Effortless Management of a Password Recovery Cluster August 01, 2024 How-To Handling encrypted items in a forensic case, especially with Full Disk Encryption (FDE) images and archives, requires significant computational resources. T...
4n6 Week 34 – 2024 - SOFTWARE UPDATES
SOFTWARE UPDATES
Acelab
August 19, 2024 The New Software Update: PC-3000 Ver. 7.5.x, Data Extractor Ver. 6.5.x, PC-3000 SSD Ver. 3.5.x has been released The new PC-3000 Express/UDMA/SAS/Portable software version 7.5.x has been released. PC-3000 Ver. 7.5.x Data Extractor Ver. 6.5.x PC-3000 SSD Ver. 3.5.x The latest update brings a lot of new useful features, like full support of 4K displays into the PC-3000 interface, new families for WD Marvell and Seagate F3, the new HDD ROM wizard for Seagate drives as well as the new...
Canadian Centre for Cyber Security
Capa
v7.2.0 released by mr-tz on 20 Aug 18:15 (38 commits to master since this release; commit f6b7582, created on GitHub.com and signed with GitHub’s verified signature, GPG key ID: B5690EEEBB952194). capa v7.2.0 introduces a first version of capa explorer web: a web-based user interface to inspect capa results using your browser. Users can inspect capa result JSON documents in an online web in...
Compelson
Compelson, Makers of MOBILedit. Our tools extract evidence from smartwatches, mobile phones, and clouds to successfully fight crime. Published Aug 22, 2024 Less than a month after releasing version 9.4, the MOBILedit Team is back with version 9.4.1, introducing new features and improvements. This update enhances security bypassing capabilities and delivers even more data for users' forensic analysis. What’s new Possible to detect if a device uses a password, PI...
Hasherezade
MISP
MSAB
Updates / XRY 10.10.1: Enhanced capabilities for better investigations The latest versions of XRY and XRY Pro are here and available for download. The most recent release introduces key enhancements and heightened capabilities of our flagship tool, positioning law enforcement agencies for greater success in their digital investigations. These are some of the key updates: Enhanced support for Android Full File System consent extractions; iOS 18 Beta support; Enhancements made...
OpenCTI
Version 6.2.15 released by Filigran-Automation on 23 Aug 09:20 (7 commits to master since this release; commit 738cc69, signed with the committer’s verified signature, GPG key ID: C708FDB840E80D34). Bug Fixes: #8134 UI Bug: Limited File Display and Missing Scrollbar in File Upload & Import Interfaces; #8124 Rule engine list view is crashing (out of mem...
Phil Harvey
ExifTool Version History RSS feed: //exiftool.org/rss.xml Note: The most recent production release is Version 12.76. (Other versions are considered development releases, and are not uploaded to MetaCPAN.) Aug. 20, 2024 - Version 12.93 Added a new Nikon LensID Added a couple of new OpenEXR Compression types Added a couple of new QuickTime Keys tags Decode timed metadata from E-ACE B44 dashcam videos Made "Unrecognized" Samsung Meta warnings minor Fixed bug in -listg6 option which resulted in "uni...
Semantics21
- Introducing S21 CCTV (PDF)
WithSecure Labs
Xways
X-Ways Forensics 21.2 (X-Ways User Forum » Public Announcements) Stefan Fleischmann (admin, registered 1-2001), posted on Friday, Apr 19, 2024 - 16:20: A preview version of X-Ways Forensics 21.2 is now available. The latest download instructions including password can be retrieved by querying one's license status, as always. What's new in v21.2 Preview? * The limit of ~2 billion hash v...
X-Ways Forensics 21.3 (X-Ways User Forum » Public Announcements) Stefan Fleischmann (admin, registered 1-2001), posted on Wednesday, Aug 14, 2024 - 3:46: A preview version of X-Ways Forensics 21.3 is now available. The latest download instructions including password can be retrieved by querying one's license status, as always. What's new in v21.3 Preview? * Ability to present the files...
Yamato Security
4n6 Week 33 – 2024 - FORENSIC ANALYSIS
FORENSIC ANALYSIS
Andrea Fortuna
Aug 15, 2024 As smartphones continue to be an integral part of our daily lives, they also become increasingly valuable sources of digital evidence in investigations. Android, being one of the most widely used mobile operating systems, is often at the forefront of these investigations. With the release of Android 14, forensic analysts must adapt their techniques and tools to effectively extract and analyze data from devices running this latest version. Key Changes in Android 14 Before diving into...
Digital Forensics Myanmar
eCDFP (Module-6) (Windows Forensics) (Part - 6) August 12, 2024 Recycle Bin Forensics When deleting a file on a computer, pressing Shift + Delete avoids sending it to the Recycle Bin, but when the user deletes it without pressing Shift + Delete, the file may end up in the Recycle Bin. Recovering data deleted with Shift + Delete is a matter for the file system and storage level. On Windows, the Recycle Bin...
Forensafe
16/08/2024 Friday Here WeGo is a web-based mapping and satellite navigation software operated by HERE Technologies, accessible on both web and mobile platforms. It utilizes HERE's location data platform, offering local data that includes satellite views, traffic information, and various location services. Digital Forensics Value of Android Here WeGo In the realm of mobile forensics, GPS and location artifacts are critical components of an investigation. Consequently, the Here WeGo application po...
Kevin Stokes
Oxygen Forensics
Kokab Rasool at Paraben Corporation
Rajendra Prasanth S
Rajendra Prasanth S, Principal Cyber Security Incident Responder | Ransomware researcher | IR - SOPHOS. Published Aug 15, 2024 Understanding File System Tunneling: An In-Depth Look File system tunneling is a feature that can seem like a minor technical detail, but it plays a significant role in the way files are handled by operating systems like Windows. For most users, this feature operates behind the scenes, ensuring smooth and consistent experiences...
John Brown at SANS
John Brown Up and Running with Siftgrab Siftgrab was developed to assist individuals of any experience level in identifying and correlating forensic artifacts. August 13, 2024 One of the most comprehensive resources for introducing newcomers to Digital Forensics and Incident Response (DFIR) is the SANS Windows Forensic Analysis Poster. Because Microsoft continues to hold the largest operating system market share, it makes sense to start with Windows forensics. It’s also widely acknowledged tha...
System Weakness
Raymond Chen at The Old New Thing
Raymond Chen August 15th, 2024 Some time ago, we learned why the module timestamps in Windows 10 are so nonsensical: Because they aren’t timestamps any more. They are a hash of the resulting binary. But why not invent a new field called, say, UniqueValue for the hash, rather than putting it in the timestamp field? //t.co/iPc0RdM9vc yes, stupid decision imho; could use a diff. field for that — Adam (@Hexacorn) February 15, 2024 Well, for one thing, that would be a breaking change. If you take ...