本エントリは This Week in 4n6 (FourAndSix=Forensics) で紹介された各記事の冒頭を表示し、チェックする記事をザッピングするために自動生成＆投稿したものです。4n6 は こちら からご確認いただけます。

MISCELLANEOUS

Kevin Ripa at SANS

• Where are My Keys?

Kevin Ripa Where are My Keys? My experience has taught me that an inquisitive mind for any type of puzzle is a good start. April 5, 2023 Next time you open your laptop or push the ‘on’ button on your computer, consider how far technology has advanced. Nowadays, when I push the start button on my truck, I pay little attention to what occurred to get my vehicle to this point, it just starts. I haven’t thought about the car’s ‘operating system’ in years. I have disassembled an engine in...

ADF Solutions

• Uncovering Hidden Evidence: A Brief Guide to E-Discovery

Posted by ADF Solutions on April 5, 2023 Find me on: Facebook LinkedIn Twitter Tweet Electronic discovery or e-discovery is the process of identifying, collecting, and exchanging electronically stored information (ESI) for a legal case or an investigation [1]. This includes emails, text messages, electronic documents, social media, digital images, and other types of electronic communications. E-discovery is an essential tool in litigation, by working with forensic investigators, involved parties...

Alex Teixeira

• Detection cannot be outSOARced

After integrating so many tools and data sources into all sorts of security monitoring workflows and processes, let me share a few thoughts in regards to SOAR and how it actually helps (or hinders) the challenge of threat detection based on log telemetry, usually tackled via a SIEM.Why SOAR?Before exploring this question, let me share a quick definition I found on a website after picking one of the first search hits:SOAR: technology that enable organizations to take inputs from a variety of sour...

Alican Kiraz

• My Blue Team Certification Journey and Creating Your Own Blue Team Certification Roadmap

Creating by Alican KirazHi everyone, you know how much I am interested in certificate programs :) You often ask me questions about the certificates I have earned. I wanted to tell you about the experiences I learned by preparing a detailed article.First of all, the value of a certificate is directly proportional to the education you receive and the experience you gain. While preparing for a certificate program, your goal should not be to get the certificate but to learn information that will be ...

• Cyber Security -Incident Response Part 4: Post-Incident Activity| EN

//variety.com/1956/film/reviews/12-angry-men-review-1200418382/Hi everyone, In the last step of our Incident Response series, I will discuss Post-Incident Activities. Throughout our IR series, we rehearsed an incident at every stage and made our preparations. In the last step, we will evaluate all our preparations, analyses, and actions during the event and design the effort to improve this process.End of Event First Meeting: Main RetrospectiveFirst, everyone’s opinions are taken through a retro...

ArcPoint

• Unlocking the Power of Digital Forensics | ArcPoint Forensics

About Product FAQ Solution By Role Management IT / Engineering Digital Forensic Analyst By Industry Federal Government Family Law Law Enforcement News Contact Request a Demo Streamlining Investigations with ATRIO 15 Mar 2023 ArcPoint Digital forensics plays a critical role in modern investigations, whether it's a legal dispute, a cybersecurity breach, or a criminal case. However, with the exponential growth of digital data, it can be challenging to extract the insights needed to make informed de...

Belkasoft

• ChatGPT in DFIR Quiz

The Quiz In our e-book "ChatGPT and Its Appliance in the Field of Digital Forensics" there was a "Conclusion" (we also got "Conclusion 2"), which was written by ChatGPT itself. We announced a prize to those who would guess the prompt. The exact prompt was not guessed, but we still have a winner. Your Guesses Before we reveal who the winner is, let us go through your guesses. Most of guesses were around the following prompts: "Is ChatGPT going to change digital forensics"—in various combinations,...

Businesswire

• Magnet Forensics Announces Closing of Plan of Arrangement

with Thoma Bravo April 06, 2023 02:30 PM Eastern Daylight Time WATERLOO, Ontario--(BUSINESS WIRE)--Magnet Forensics Inc. (the “Company” or “Magnet”) (TSX: MAGT), a developer of digital investigation solutions for enterprises and public safety organizations, is pleased to announce the closing of the previously announced plan of arrangement (the “Arrangement”) with Morpheus Purchaser Inc. (the “Purchaser”), a newly created corporation controlled by Thoma Bravo, a leading software investment firm, ...

Cado Security

• XDR is Great, but Only if it’s Rolled out Everywhere

Cassie Doemel at AboutDFIR

• AboutDFIR Site Content Update 04/08/2023

Reza Rafati at Cyberwarezone

• Phantom Incident Scam in Ransomware Attacks

April 4, 2023 Reza Rafati Ransomware attackers are increasingly using a technique called the Phantom Incident Scam to deceive victims into paying the ransom. In this type of scam, attackers claim to have stolen sensitive data from important departments such as HR, employee records, medical data, and other confidential information. They then threaten to release the data publicly or sell it to third parties unless the ransom is paid. Phantom Incident Scam Key takeaways: Incident responders observe...

• Understanding the Different Types of Threat Intelligence Feed Formats

April 4, 2023 Reza Rafati Threat intelligence is critical in keeping businesses and organizations safe from cyber attacks. It provides insights into the latest threats and vulnerabilities, helping companies to understand how attackers operate and how they can improve their defenses. One of the key components of threat intelligence is the feed format in which it is delivered. In this post, we’ll explore the different types of threat intelligence feed formats and their benefits. Feed FormatUnique ...

• Top Premium Threat Intelligence Feed Providers

April 4, 2023 Reza Rafati CYBERWARZONE – As organizations seek to bolster their cybersecurity defenses, premium threat intelligence feeds have become an increasingly vital tool. With so many providers on the market, it can be difficult to choose the best one for your organization’s needs. In this post, we’ll provide an overview of the top premium threat intelligence feed providers, their key features and strengths, and recommendations based on industry and organization size. Table of Contents #1...

• 5 Key Tips to Consider When Choosing a Premium Threat Intelligence Feed

April 4, 2023 Reza Rafati CYBERWARZONE – Cyber threats are an ever-present danger to organizations of all sizes and types. In order to protect against these threats, many organizations turn to premium threat intelligence feeds. However, with so many options available, it can be challenging to choose the right one. In this blog post, we will explore five key considerations to keep in mind when selecting a premium threat intelligence feed. Table of Contents #1. Scope and Relevance to Your Industry...

• Free vs. Premium Threat Intelligence: Pros and Cons

April 4, 2023 Reza Rafati Premium Threat Intelligence is a paid service that provides organizations with comprehensive and specialized information about cyber threats. It offers access to exclusive data sources that are not available through free services. 4 key takeaways from this post: Premium Threat Intelligence feeds offer more specialized and comprehensive information about cyber threats, with access to exclusive data sources, real-time updates on emerging threats, and analysis and contextu...

• How to Effectively Implement Premium Threat Intelligence Feeds

April 4, 2023 Reza Rafati CYBERWARZONE – As cyber threats continue to evolve, organizations are turning to premium threat intelligence feeds to stay ahead of the curve. However, simply purchasing a feed is not enough to protect against cyber attacks. It’s equally important to effectively implement the feed and integrate it with your organization’s security infrastructure. In this post, we’ll provide some tips on how to effectively implement premium threat intelligence feeds. Table of Contents #1...

• 10 Key Features of a Threat Intelligence Platform (TIP)

April 4, 2023 Reza Rafati CYBERWARZONE – As the threat landscape continues to evolve, organizations are increasingly turning to Threat Intelligence Platforms (TIPs) to help manage and analyze the vast amounts of threat intelligence data available. A TIP can provide a centralized location for storing and analyzing this data, allowing security teams to more efficiently and effectively identify and respond to emerging threats. In this post, we’ll discuss the 10 key features that identify a typical ...

• How to Determine Incident Response Retainer Cost

April 6, 2023 Reza Rafati Cybersecurity incidents can happen at any time, and having a plan in place to respond to them is critical for minimizing the impact on your business. One way to prepare for such events is to have an incident response retainer with a cybersecurity firm. How to Determine Incident Response Retainer Cost This retainer provides you with access to incident response (IR) services in the event of a cyber attack or data breach. But how do you determine the cost of an incident re...

• Top 10 Incident Response Tools and Platforms for 2023

April 6, 2023 Reza Rafati Comparing the top 10 incident response tools and platforms for 2023 can be an overwhelming task for organizations seeking to improve their cybersecurity posture. With so many solutions available, it’s essential to find the right fit for your specific needs and challenges. Table of Contents It can be a challenge to choose the right IR toolNo pricingThe goalTop IR tools and Platforms in 2023#1. IBM Security Resilient#2. Splunk Phantom#3. Cortex XSOAR by Palo Alto Networks...

Devon Ackerman at GRC Outlook

• Incident Response Meets Governance Risk and Compliance (GRC)in Digital Forensics

SecurityDigital ForensicsGRCInsights By Devon Ackerman, Global Head of Incident Response in the Cyber Risk business, Kroll Futurae Technologies: The Customer-First Authentication Solution Authentix: The Powerful Anti-Counterfeiting Solution Identite: Enabling Simple and Secure Authentication Rublon: The State-of-the-Art Multi-Factor Authentication A People-Leadership Perspective: 3 common leadership risks and how to deal with them On falling victim to a cyberattack, there is typically a three-pa...

Fabien Bader at Cloudbrothers

• Sentinel Pester Framework

Fabian Bader enthalten in Sentinel PowerShell Pester Analytics Rules KQL 2023-04-02 1971 wörter 10 minuten Inhalt What is Pester? Define a Tests Sentinel Pester Framework Basic configuration Tags Advanced configuration CI/CD integration Getting started Available tests Contributing Conclusion When you work with one or multiple Microsoft Sentinel workspaces you may find it necessary to not only deploy Analytics rules and other configuration artifacts using a version controlled source control (CI/...

Forensic Focus

• How Amped FIVE Helped To Solve A Murder Investigation In Nottinghamshire

• ADF Solutions’ Upcoming Webinar: Taking Command Of Forensic Evidence

• Cellebrite Announces RelativityOne Integration For Quicker, Safer Data Review

• Digital Forensics Round-Up, April 06 2023

Ilias Mavropoulos

• Blue Team Level 1 (BTL1) Training Course / Exam Review and Tips — March 2023

Blue Team Level 1 (BTL1) Training Course / Exam Review and Tips — March 2023Hey medium,Today I want to share with you my journey on being Certified with Security Blue Team , give you my feedback on the quality of the training course / 24-hour incident response practical exam and provide you with recommendations and tips for preparing for the BTL1.whoamiILIAS Mavropoulos | LinkedInFor the most part of my life I’ve been a technology nerd pursuing new ways to solve problems with the use of computer...

Jeffrey Appel

• Microsoft Defender for Cloud– The ultimate blog series (Intro) – P0

0 Block “vulnerable/unwanted” applications with Defender for Endpoint and Vulnerability Management 0 Microsoft Defender SmartScreen – how to use SmartScreen and Phishing protection 2 Deploy Microsoft Defender for Endpoint on iOS using Intune/MEM 1 Microsoft Defender for Endpoint series – Tips and tricks/ common mistakes – Part10 2 Microsoft Defender for Endpoint series – Automation via Logic Apps and Sentinel – Part9 0 This website uses cookies to provide an optimal user experience. Got it! 0 Ho...

Morten Knudsen

• Understanding Azure Data Collection Endpoint

• AzLogDcrIngestPS – your helper to send data via Azure Pipeline, Azure Log Ingestion API & Azure Data Collection Rules into Azure LogAnalytics table

• ClientInspector – a cool showcase to demonstrate Log ingestion API, Azure Log Ingestion Pipeline, Azure Data Collection Rules and my new Powershell module AzLogDcrIngestPS

• Collecting System & Application events using Azure Monitor Agent

• Collecting Security events using Azure Monitor Agent

• How to do data transformation using Workspace transformation for legacy upload methods

• Understanding the fundamentals of log-collection with Azure Monitor Agent & Azure Data Collection Rules

• Collecting Performance data using Azure Monitor Agent, VMInsights and ServiceMap

• Collecting IIS logs using Azure Monitor Agent

• Understanding Azure logging capabilities in depth

Nathan McNulty

• Intune – Block mounting of ISO files

Nathan McNulty Home About Intune - Block mounting of ISO files Nathan McNulty Apr 3, 2023 • 2 min read This short article was actually written last year but never published because Microsoft started applying Mark of the Web to virtual disk formats including ISO files in November. At the time, I didn't feel it was necessary anymore...1) We are finally propagating MotW to Virtual Disk containers! For example, when you download and mount an ISO from the Internet, applications that query the zone of...

• Intune – Discover Defender AV exclusions using Proactive Remediation

Nathan McNulty Home About Intune - Discover Defender AV exclusions using Proactive Remediation Nathan McNulty Apr 5, 2023 • 6 min read Photo by Marjan Blan | @marjanblan / Unsplash For almost a decade, Microsoft Defender Antivirus has had a feature called Disable Local Admin Merge that "prevents" local admins from creating AV exclusions. As you can imagine, this makes it harder for attackers to create exclusions for their malware, but it can also be a huge pain point for IT teams who have create...

Nextron Systems

• Customer Portal Upgrade – Planned Downtime

Apr 4, 2023 | Newsletter, Nextron, Service Notice We would like to inform you that our customer portal will be undergoing a scheduled maintenance and will be temporarily unavailable on Wednesday, April 12, 2023, between 10:00am and 11:00am CEST. We apologize for any inconvenience this may cause. During this downtime, we will be performing essential maintenance work to improve the functionality and security of our customer portal. This includes updating our servers, fixing any bugs, and implement...

Rachel Teisch at OpenText

• The Great eDiscovery Reset 

SANS

• Cybersecurity Jobs: Malware Analyst (Japanese)

homepage Open menu Go one level top Train and Certify Train and Certify Immediately apply the skills and techniques learned in SANS courses, ranges, and summits Overview Courses Overview Full Course List By Focus Areas Cloud Security Cyber Defense Cybersecurity and IT Essentials DFIR Industrial Control Systems Offensive Operations Management, Legal, and Audit By Skill Levels New to Cyber Essentials Advanced Expert Training Formats OnDemand In-Person Live Online Course Demos Training Roadmaps Ski...

SUMURI

• Digital Forensics 101 for Lawyers

Digital forensics is a rapidly evolving field, and it is important for lawyers to stay up-to-date on the latest techniques and technologies. To litigate in court lawyers must have a basic understanding of the concepts of digital forensics. For example, as smartphones and tablets become increasingly prevalent, it is important for lawyers to understand how to extract and analyze data from these devices.There are many different types of cases that may require the use of digital forensics. For examp...

Teri Radichel

• SANS GSE Renewal

I passed. Why I did it. Phew.If you aren’t familiar with the GSE I wrote about that here:The SANS GSEWhat’s it like to take one of the hardest cybersecurity certifications in the industry — and pass!medium.comI wrote about how I was pondering whether or not to review the GSE here:----More from Cloud SecurityCybersecurity in a Cloudy WorldRead more from Cloud SecurityAboutHelpTermsPrivacyGet the Medium appGet unlimited accessTeri Radichel1.4K FollowersCloud Security Training and Penetration Testi...

Mike Cohen at Velociraptor Blog

• The Velociraptor annual community survey

Who are the Velociraptor Community?Velociraptor use casesBackwards compatibilityVersion compatibilityThe offline collectorData analysisVQL artifactsRole based access controlsMulti-tenant supportClient monitoring and alertingThe Quarantine featureHow is Velociraptor deployed?Popular operating systemsResources and referencesTestimonialsConclusionsCommunityThe Velociraptor annual community surveyMike Cohen 2023-04-01Velociraptor is an open source project lead and shaped by the community. Over the y...