Analysis Notes

A place to jot down notes from analyzing malware and anything that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 6 – 2023 - MISCELLANEOUS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that you can quickly skim through and pick the articles worth checking. 4n6 itself can be found here.

MISCELLANEOUS

Bill Stearns at Active Countermeasures

Antonio Formato

ChatGPT and Microsoft Sentinel — simplify the incident handling process
Today, I’m excited to share my experience testing the integration of ChatGPT with Microsoft Sentinel. My goal with this integration was twofold: to have some fun experimenting with this cutting-edge technology and to explore how it could be used to empower security analysts in incident handling. By harnessing the power of ChatGPT, I believe it is possible to speed up and simplify the incident handling process, making it more ...

Belkasoft

In our previous article, we described the call for automation in Digital Forensics and what can be automated within Belkasoft X. In this text, we would like to go through the ways that our customers are able to couple Belkasoft X with Amped FIVE. Why Amped FIVE? Amped FIVE is the product of an Italian company called Amped Software, renowned for developing solutions for the analysis and enhancement of images and videos for forensic, security, and investigative applications. While Belkasoft X has ...

Forensic Focus

Howard Oakley at ‘The Eclectic Light Company’


Keith McCammon

An open source catalog of offensive security tools
From Gwendal Le Coguic (@gwen001 / @gwendallecoguic), offsec.tools is a fairly wide-ranging collection of offensive security tools. At the time of publication, it includes close to 700 tools, though some very popular free tools (e.g., mimikatz, impacket) are missing, and the proj...

From the Carnegie Endowment for International Peace: The dataset provides a global inventory of commercial spyware & digital forensics technology procured by governments. It focuses on three overarching questions: Which governments show evidence of procuring and using commercial spyware? Which private sector companies are involved and what are their countries of origin? What activities have governments used the technology for? The leaderboard is interesting, albeit predic...

Mary Ellen Kennel at ‘What’s A Mennonite Doing In Manhattan?!’

If you are new to InfoSec or trying to break into CyberSecurity, this post is dedicated to you. I have revamped my DFIRLinks Website and added a whole new row of resources for newcomers or those seeking a new role. You may be wondering why, right next to “InfoSec101”, there’s a link to “Leadership” resources. Here’s why. Many of you are just trying to get your foot in the door, but if you study the materials listed in my blog, I’m confident that you will...and it might not be long until you find...

Nathan McNulty

Azure Automation - Advanced Auditing
Nathan McNulty, Jan 29, 2023
In Office 365, applying an E5 license with the Advanced Auditing component to a user does not enable all auditable events. For tenants created more than a few years ago, it's possible MailItemsAccessed and Send are not enabled by default, especially if audit events were previously modified. Another important one, SearchQueryInitiated (covers both Exchange and SharePoint) is never enabled by default. We usually want to ...

Darren Mar-Elia at SDM Software

Jennifer Gregory at Security Intelligence

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and dis...

SOC Fortress

Move Over TheHIVE, Hello DFIR-IRIS
World’s Best FREE SIEM Stack Series
Walkthrough Video
Intro
Incident Response Platforms (IRPs) are an essential tool for organizations of all sizes and industries, as they provide a centralized platform for managing incident response activities and help organizations respond quickly and effectively to cyber incidents. By using IRPs, organizations can reduce the impact of cyber incidents, minimize the risk of data breaches, and ensure compliance with industry regula...

William Colley at ADF

Posted by William Colley on February 1, 2023
In order for your digital evidence to be used in a court of law you should take care in your evidence collection procedures from digital devices. Best practices for collection are designed to help you maintain the integrity of evidence. Individual agencies may have their own policies and procedures in place but overall general practices may be similar. The crime scene is your first stop in evidence collection, arriving prepa...

John Patzakis at X1

By John Patzakis, January 31, 2023
Over the weekend I was about to write a blog post on how corporate legal departments can streamline and improve their internal eDiscovery processes. I instead asked ChatGPT to write it. ChatGPT did a better job of it. So if anyone needs me this week, I will be at the beach. Here is the full transcript: My Prompt: Please write a memo explaining how corporate legal departments can streamline their eDiscovery processes to reduce costs and improve compliance. Respon...