Analysis Notes

A place to jot down notes from trying my hand at malware analysis and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 9 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that you can skim through and pick the articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Emi Polito at Amped

Dear colleagues, we are very thrilled to introduce you to the new exciting audio display and redaction features now available in Amped Replay! Additions that required weeks of intense development and testing, but which we are immensely proud of. And we think you are going to love how easy it is now to remove sensitive audio from your evidence! In the past, removing sensitive and/or unwanted material from digital media evidence was considered a niche editing skill that only a specialized video un...

Amr Ashraf

Overview: We are presented with a disk image and a memory dump from a computer infected with malware. This data actually comes from a CTF I recently participated in, but I found this challenge very realistic, so I decided to make a detailed analysis of it, and also because I was shocked by the number of people that don't understand...

Oleg Afonin at Elcomsoft

Password Recovery and Data Decryption: Getting Around and About
Behind the Scenes of iOS Data Extraction: Exploring the Extraction Agent
iOS Forensic Toolkit Maintenance: Following Apple iOS Updates
Forensically Sound checkm8 Extraction: Repeatable, Verifiable and Safe
Apple Releases iOS 12.5.7, iOS 15.7.3. What About Low-Level Extraction?
iOS 15.5 Low-Level Keychain Extraction
checkm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction
Approaching iOS Extractions: Choosing the Right Acquisition Method
Cloud Forensics: Obtaining iCloud Backups, Media Files and ...

Forensafe

Investigating Windows AVG AntiVirus (24/02/2023, Friday). AVG Antivirus is a security program designed to defend computers from viruses, spyware, and other forms of malicious software. The software operates by continuously monitoring the computer to detect and isolate any potential threats. To detect existing infections, AVG Antivirus carries out routine scans of the computer's hard drive, memory, and other storage spaces. Additionally, it offers real-time protection by examining incoming email attac...

Investigating Windows Mail (17/02/2023, Friday). Windows Mail is an email client developed by Microsoft and included in Windows Vista and later versions of Windows. It is available as the successor to Outlook Express, which was either included with, or released for, Internet Explorer 3.0 and later versions of Internet Explorer. Digital Forensics Value of Windows Mail: Mail is an essential method of communication that is used within different fields, where Windows Mail provides records of emails, contacts,...

Kathryn Hedley at Khyrenz

Kathryn Hedley, Feb 18. USB or not USB... Connection Times. I started this research piece attempting to work out when the SYSTEM\CurrentControlSet\Enum\USBSTOR\<device>\<iSerialNumber>\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065 key might be updated... I've never seen the value within the 0065 key differ from the value within the 0064 key in ...

Kinga Kięczkowska at InfoSec Write-ups

Welcome to my USB Forensics 101 guide. Inspired by a Pluralsight course I completed on USB Forensics fundamentals, I decided to have a crack at explaining the basics myself. Being quite goal-oriented I knew that deciding on a blogpost will help me see through the learning and help with organising the new knowledge in my head — you know what they say, one doesn’t fully understand a topic until they are able to explain it to a five year old. While this might be a bit heavy for a five year old (alth...

Korstiaan Stam at ‘Invictus Incident Response’

Your Ultimate Guide to Unified Audit Log (UAL) Analysis. Introduction: In this blog, we present various scenarios in which threat actors can utilise email forwarding rules and the associated evidence in the UAL. Additionally, we have created a comprehensive mind map that summarises the contents of the blog for use in incident detection and response investigations. Email forwarding rules: In this blog we will discuss a threat actor technique that we will s...

Magnet Forensics

A key part of any mobile device examination is understanding the pattern of life activity of said device. Seeing what a user is doing at specific times of day and developing patterns of behavior becomes important in a number of different types of examinations. We have come to rely on these artifacts from sources such as the KnowledgeC and PowerLog databases in iOS. While these databases still exist in iOS 16, Apple threw us a curveball by moving some of the key records to a new location and stor...

N00b_H@ck3r

Posted by lightkunyagami, February 23, 2023 (updated February 24, 2023). CyberDefenders: BlackEnergy. This Blue Team challenge was released on February 19, 2023 from CyberDefenders.org. You can access the room at //cyberdefenders.org/blueteam-ctf-challenges/99#nav-questions. Shoutout to @HouseOfStark for creating the challenge and also for being so responsive and kind in entertaining questions and inquiries about the challenge on Discord. I’ve had interactions with other creators where they just ...

Melusi shoko at System Weakness

Hello, folks. Today I’ve decided to write an article about analysing phishing campaigns. As a SOC analyst, you will be dealing with a lot of SPAM email investigations on a daily basis. So I’d want to demonstrate how to analyse a malicious email using a challenge from the letsdefend platform. Below are the details of the challenge: You recently received an email from someone trying to impersonate a company, your job is to analyze the email to see if it is suspicious. Email Link: download. Password: i...

Vikas Singh

Michael Hale Ligh at Volatility Labs

Results from the 10th Annual Volatility Plugin Contest are in! There were 8 submissions this year, including submissions from 2 contestants from previous years who have continued to build on their previous work. Submissions included updates to graphical interfaces, plugins to detect Linux rootkits, plugins to extract threat actor activity despite anti-forensics techniques, and a new analytical capability for leveraging handle information to augment investigations. As usual, we would like to than...

Andy Gill at ZephrSec

Ticket Fraud Scammers - An Investigation (Andy Gill, Feb 24, 2023, 4 min read). If you're reading this, it's a blog post that's not my regular write-up but more of an investigation and a hypothesis on the anatomy of a scam. I also put it together to raise awareness for those who read my blog and who might not be overtly technical-focused. So recently, I came across someone selling tickets to various gigs and events; a friend also got scammed for money when they thought they were buying. So it got m...