Analysis Notes

A place to note things learned from trying malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 6 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through them and pick which articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Adam Cohen Hillel at Cado Security

Digital Forensics Myanmar

SQLite Database Forensics (Note) February 01, 2023 SQLite is the most widely used way to store the data of certain applications on Android phones, Apple phones, macOS and Windows. Messaging applications such as Viber, Telegram, WhatsApp, Skype and Messenger use a SQLite database whether in their desktop or mobile versions. In addition, Contacts, Call Log, Message (SMS) and the like use SQLite Da...

eCDFP Module (5) File System Analysis (Part-11) (NTFS File System Analysis) February 03, 2023 Alternative Data Stream (ADS) In the NTFS file system there can be more than one $DATA attribute. That additional one is the Alternative Data Stream (ADS). ADS is used for data hiding. Now an additional $DATA attribute has been created for the DFM.TXT file. Viewed normally, only the DFM.TXT file will be seen, and DFM.TXT ...

Doug Metz at Baker Street Forensics

KAPE batch mode, ARM Memory, updates to CSIRT-Collect, and all the things I learned along the way. DFIR, Forensic Imaging, PowerShell, RAM, USB A couple weeks ago, a reader commented on the post Adding RAM collections to KAPE triage, “Couldn’t this be implemented by using linear processing with KAPE in batch mode?” and I couldn’t be more grateful for their inquiry. When I was first introduced to KAPE, ‘batch mode’ didn’t exist yet as a feature, so it was something I had to get familiar with. Fro...

Oleg Afonin at Elcomsoft

Apple Releases iOS 12.5.7, iOS 15.7.3. What About Low-Level Extraction?
iOS 15.5 Low-Level Keychain Extraction
checkm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction
Approaching iOS Extractions: Choosing the Right Acquisition Method
Cloud Forensics: Obtaining iCloud Backups, Media Files and Synchronized Data
Advanced Logical Extraction with iOS Forensic Toolkit 8: Cheat Sheet
iOS Backups: Leftover Passwords
checkm8 Extraction Cheat Sheet: iPhone and iPad Devices
How to Put Apple TV 3 (2012-2013...

Forensafe

Korstiaan Stam at ‘Invictus Incident Response’

Investigating cross-tenant synchronization attacks. Introduction: On the 31st of January 2023, Microsoft announced a new feature called cross-tenant synchronization (CRS). With CRS you can enable synchronization between two tenants for users and groups. The picture below shows CRS between three tenants. Since this is a very new feature and still in preview there are no attacks observed yet, however it definitely has the potential to be abused. In this blog we will show you how to perform and investigate...

M. Alparslan A.

Nugroho G Novianto at MII Cyber Security

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative. Now, I am trying to investigate the intrusion attack using Splunk with TryHackMe. Room URL: //tryhackme.com/room/newhireoldartifacts Scenario: You are a SOC Analyst for an MSSP (Managed Security Service Provider) company called TryNotHackMe. A newly acquired customer (Widget LLC) was recently onboarded with t...

Godwin Attigah at Open Source DFIR

By Tarik February 01, 2023 Power Automate. Authored by Godwin Attigah, copied with permission. Background: Power Automate allows users to build flows with robotic process automation (RPA). Power Automate is powered by Microsoft Flow and Power Apps. The desktop version of the software-as-a-service (SaaS) is now available on all Windows 11 devices as a Windows Store Application. Windows Store applications are built on the Common Language Runtime (CL...

Rich Plummer

Rich P. Published Feb 2, 2023 In this lesson, you will learn about data storage concepts and how the Android file system works. Examiners can use specific forensic techniques and software to extract data from the devices by understanding how data is stored on mobile devices. Understanding how data is stored, where it...

Sygnia

February 2, 2023 Key Takeaways Forensic data across Google Cloud can logically be organized into three categories: Identity Management, Google Workspace Apps, and Google Cloud Platform (GCP). Each category can be further broken down into four subcategories: Configurations, Logs, Reports, and Alerts. During triage, prioritize the following evidence sources when performing incident response against Google Workspace: Alert Center alerts < Admin reports < Identity logs < Application logs < Applicati...

Ashish Bansal at System Weakness

What is Windows Event Log? It is a comprehensive record of events pertaining to the system, security and applications on the Windows operating system. It is like an end-to-end trail logging mechanism of your system that can help you in tracking and troubleshooting system or application issues. All such Windows event logs have a unique code to identify the specific logged event or issue, with other details like source, datetime, level, user etc. Windows event logs can be located under C:\Windows\System32\w...

The Security Noob

Posted on 02/02/2023 / 03/02/2023 This book is a comprehensive and informative guide for those interested in digital forensics and investigations. The book covers a wide range of topics related to forensic analysis of Linux systems, including data acquisition, evidence preservation, and various forensic techniques. It is a fantastic read; even before going deep into it forensically, the digital and Linux overview pages alone were worth picking it up for. It reads so well and I haven't even got into th...