Analysis Notes

A place for notes on my attempts at malware analysis and on anything that looks useful for analysis. This site uses Google Analytics.

4n6 Week 51 – 2022 - MISCELLANEOUS

This entry was generated and posted automatically to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here. Donations via "Buy me a coffee" are appreciated.

MISCELLANEOUS

Anton Chuvakin

In recent weeks, I did two fun webinars related to Security Operations, and there was a lot of fun Q&A. The questions below are sometimes slightly edited for clarity, typos, etc. For extra fun, I had ChatGPT answer some of them, to see if it can replace me :-) So, first, ISACA webinar “Modernize Your SOC for the Future” focused on our Autonomic Security Operations vision. Q: If not called SOC, would you like to share what you have named the team? [this question is related to the fact that at Googl...

Cassie Doemel at AboutDFIR

AboutDFIR Site Content Update 12/17/22 By Cassie Doemel On December 17, 2022. Tools & Artifacts – Windows – new entry added – Defender. Tools & Artifacts – iOS – new entries added – Dual SIM Phones, Photos.sqlite – ZINTERNALRESOURCE, Cache.db. Tools & Artifacts – Android – new entries added – Sygic, Dual SIM Phones, Mastodon, Android 13 Image. SANS Difference Makers Awards – Will update our page soon, but here’s a recording of the Ceremony. Jobs – old entries cleaned up, new entries ad...

Craig Ball at ‘Ball in your Court’

Seven Stages of Snakebitten Search. Tuesday 13 Dec 2022, posted by craigball. I’ve long been fascinated by electronic search. I especially love delving into the arcane limitations of lexical search because, awful Grinch that I am, I get a kick out of explaining to lawyers why their hard-fought search queries and protocols are doomed to fail. But, once we work through the Seven Stages of Attorney E-Discovery Gri...

DFIR.Training

Digital triage can do more than save you time. It may save a life. Dec 13, 2022. Scenario (yes, this really happened): Parents reported their daughter missing. They gave the assigned detective a laptop that their daughter was using prior to being lured from home. The assigned detective conducted his own “triage” of the laptop by turning the laptop on and poking around looking for clues. He even logged into the daughter’s social media accounts and did not find anything of value. I am sure you are crin...

Forensic Focus

Jonathan Johnson

Uncovering Windows Security Events, Part 2: The Methodology. In part 1 of this series, I touched on how data is the foundation for defensive capabilities and the importance for defenders to understand where and how telemetry is being generated. Along with these concepts, a project was released called TelemetrySource that encompasses both Windows Security and Sysmon events and how those events are being generated. As a previous post covers the methodology taken to uncover Sysmon events, this post will...

Kathryn Hedley

After giving a talk at SANS CDI Dec 2022 with Brian Corcoran, I figured I should put together a blog post on hints and tips around prepping for GIAC exams, and the things I've found useful, so here it is... 0. Initial notes. After sitting a class, take a break of a week or two before launching into prep. SANS classes are intense, and trust me, you need some down time! Do your prep well in advance of your exam so you're not rushed and have plenty of time to do everything you want to do. While you'r...

Magnet Forensics

MF: Tell us about your life before becoming a Trainer. ML: Prior to becoming a trainer, I worked as a digital forensic investigator within law enforcement. I worked on a wide variety of cases including fraud, large scale drug operations, murder, and child sexual offences. After my time in law enforcement, I became a university lecturer, specialising in mobile forensics and cyber security. MF: What made you want to be a Trainer? ML: During my time in law enforcement, I felt I made a huge differen...

MF: Tell us about your life before becoming a Trainer. DD: Before joining the Magnet family, I was a law enforcement officer for 25 years. Throughout my career, I was fortunate to be a part of many different units: patrol officer, school resource officer, Narcotics, Investigations, and Major Investigations. One thing our department didn’t have was a Computer Crimes Unit. Seeing a need, with the support of my chief, I started one. I joined an ICAC task force and was assigned full-time to a region...

As examiners, we are used to finding data within database files. These have often been SQLite databases, which we have examined ad nauseam to carve out every bit of data we can find. There are other types of databases out there to examine, and some that have been popping up recently that have given us trouble—including LevelDBs, which are the backend storage component for the Indexed Database API. There are also other services such as Bitcoin Core—and even Minecraft—who use LevelDBs for on-d...

By Chris Cone, Forensic Consultant How large was the last case you worked and how much data were you dealing with? I get a bit sentimental thinking back to some of the earlier days of my digital forensics casework. The good old days when a normal case consisted of a single desktop computer with maybe a few gigabytes of storage capacity—on the high end. One thing we have all likely noticed is that the volume of data on any given case just keeps getting larger. The average capacity of a mobile dev...

Picking our favorite updates to Magnet AXIOM Cyber in 2022 was no mean feat. From the inclusion of scanning with YARA rules to spot the latest malware, to Email Explorer for easy browsing of email evidence, AXIOM Cyber in 2022 got some major upgrades. While there are too many new features to fit in one post, here are ten great new AXIOM Cyber features from the past 12 months, in no particular order. 1. Collect Volatile Artifacts This year, we introduced a new artifact category: volatile artifact...

2022 was a big year for Magnet AXIOM. From improvements to Magnet.AI to the much adored (and long awaited) Dark Mode, Magnet AXIOM has transformed quite a bit over the past 12 months. While there are too many new features to fit in one post, we’ve rounded up a few of our favorite improvements to Magnet AXIOM in 2022. Here, in no particular order, are our 15 favourite new features to Magnet AXIOM in 2022: 1. Cloud Insights Dashboard Evidence from the Cloud has been a key part of digital investiga...

MantaRay Forensics

Oscar Delgado and Jan Hoff at Dragos

By Oscar Delgado, Jan Hoff, 12.12.22. The Dragos Industrial Security Conference (DISC) is an annual event celebrated on November 5th that provides attendees with some of Dragos’s best research through multiple cybersecurity presentations focused on industrial control systems (ICS) and operational technology (OT). Last year, Dragos offered the event’s first Capture the Flag (CTF) contest, and considering its immense success, we decided to offer it again this year. Th...

Pavel Yosifovich

Laura Hamel at Red Canary

SANS

SANS MGT433 Managing Human Risk – Now Expanded to Three Days. Lance Spitzner. This expansion reflects just how much the field of security awareness / managing human risk has matured. December 13, 2022. Over the last ten years, thousands of individuals have taken the SANS MGT433 Managing Human Risk course, learning how to build, manage and measure mature awareness programs with the ultimate goal of managing human risk. Many students ha...

The Security Noob.

Posted on 16/12/2022. For this interview I have had the pleasure to speak with someone who is so prevalent in DFIR, is very highly thought of, and with whom it is a pleasure to have got the chance to chat. I have been trying to learn Python for what seems like forever, and it was where I first spent any kind of time with Alexis as I watched the class 0 – DFIR Python Study Group. Anyways, a fantastic interview and I hope you like 😊 How long have you been in the DFIR scene and how did you get there? I’ve...