Analysis Notes

A place to jot down notes from analyzing malware and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 5 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. This Week in 4n6 itself can be found here.

FORENSIC ANALYSIS

Ali Hadi


Brian Carrier at Cyber Triage

Dany at Digitella

Hello everyone! I am going to show you how I completed this challenge! To get the attacker's address, I went into the Conversations tab in Wireshark, then I selected the IPv4 option. Here, you see a large number of packets and bytes from address A, which is typical of an attacking host. Therefore, the IP is 98.114.205.102. Therefore, for question 2, the victim's IP is 192.150.11.111. I looked up the IP of the attacker, and they are located in the United States. This can be done with any IP geoloc...

Derek Eiri

Retrieving Registry Values to Decrypt Files Protected with DDPE. Derek Eiri, digital forensics, 2023-01-26. Dell Data Protection Encryption (DDPE) is a file-based encryption method used by organizations to protect data. Processing data protected with DDPE for analysis requires additional steps, i.e., retrieving the encryption key as a .bin file. Magnet Forensics introduced DDPE support with AXIOM Cyber 6.5 on 2022-09-01, and it is briefly described here. Dell’s EnCase Administrator Guide outli...

Dr. Neal Krawetz at ‘The Hacker Factor Blog’

Dr. Tristan Jenkinson at ‘The eDiscovery Channel’


Oleg Afonin at Elcomsoft

checkm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction
Approaching iOS Extractions: Choosing the Right Acquisition Method
Cloud Forensics: Obtaining iCloud Backups, Media Files and Synchronized Data
Advanced Logical Extraction with iOS Forensic Toolkit 8: Cheat Sheet
iOS Backups: Leftover Passwords
checkm8 Extraction Cheat Sheet: iPhone and iPad Devices
How to Put Apple TV 3 (2012-2013), Apple TV 4/HD (2015) and Apple TV 4K (2017) into DFU
iOS 16: SEP Hardening, New Security Measures and Their...

Howard Oakley at ‘The Eclectic Light Company’


Jerry Chang

PCAP analysis report - Nitroba University. January 25, 2023. Introduction/objectives/Background. Case Background: 2022/1/30 I was retained by David Loveall, the lead investigator of the case, and was asked to assist in the analysis of the following case: Lily Tuckrige is teaching chemistry CHEM109 this summer at NSU and she has been receiving harassing email at her personal email address: lilytuckrige@yahoo.com. She suspects that they are being sen...

Oxygen Forensics

Supported Vault Apps in Oxygen Forensic® Detective. Posted on January 25, 2023. What are Vault Apps? Vault and private storage apps allow users to hide content like photos, videos, messages, contacts, calls, browsing history, notes, and other sensitive data within a device. Usually, vault apps are password-protected and even encrypted. These apps guarantee privacy and safe storage of users’ confidential data. However, vault apps can also be utilized to hide illicit content an...

Jorge Coronado at Security Art Work

January 24, 2023. By Jorge Coronado. 1 Comment. The purpose of this article is to analyze how the security capabilities of protocols in general are applied in industry, looking at the particular case of Zigbee. More information about the security capabilities of Zigbee can be found in the following article by Incibe. Zigbee: what it is. Zigbee is a wireless protocol based on the IEEE 802.15.4 standard, whose main characteristics are that it has a latency ...

System Weakness

Tor forensics is the technique of detecting and analyzing the data sent and received via the Tor network. Tor forensics is concerned with identifying suspects who used the Tor network and their activities. This can involve determining the suspects’ locations, the type of communication, and the time of communication. Steps for conducting Tor forensics: data collection, data analysis, identifying Tor usage, decrypting data, identifying suspects. TOR FORENSICS STEPS. Data Collection: The initial phase in the Tor fo...

This is a simple walkthrough of the Warzone2 room on TryHackMe. It involves triaging an alert using a PCAP file that was captured to determine if it is a false or true positive. We will be using the tools Brim, NetworkMiner and Wireshark, if needed. TryHackMe | Warzone 2: You received another IDS/IPS alert. Time to triage the alert to determine if it’s a true positive. (tryhackme.com) Scenario: You work as a Tier 1 Security Analyst L1 for a Managed Security Servi...

Terryn at chocolatecoat4n6

Investigation Framework | Part 6 – Intelligence Correlation. January 23, 2023 / ChocolateCoat. Intelligence Correlation: There’s one last piece of “analysis” left to do with your evidence. It’s time to take what you know and look for any similarities to known intelligence. The best way to summarize this section is “Find out if anyone else has seen thi...

The DFIR Report

ThinkDFIR

Timestamps in INDX Entries. January 13, 2023 / January 24, 2023. Phill Moore. Welcome to 2023! Turns out I didn’t post on here as much as I should have last year. Logging in this morning I can see I posted twice, whoops. Let’s change that with some validation research into INDX records, particularly in relation to the timestamps that are stored in INDX entries. I’ve been putting together my talk for the upcoming Magnet Virtual Summit, and my talk is about carving out forensic artefacts ...