Analysis Notes

A place to jot down notes from my own malware analysis and anything that looks useful for analysis. This site uses Google Analytics.

4n6 Week 15 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through and pick the ones to read. 4n6 itself is available here.

FORENSIC ANALYSIS

Andrew Malec

Memory Forensics, Volatility, Acquisition, Incident Response, VirusTotal & hash lists, Unix-like Artifacts Collector (UAC), Acquiring Linux VPS via SSH, AVML dump to SMB / AWS, China Chopper webshell, Logging Powershell activities, Compromised UniFi Controller, AnyDesk Remote Access, iOS Forensics, Checkm8 / checkra1n acquisitions/extractions, CTF / Challenges, DEFCON 2019 forensics, Tomcat shells, Magnet Weekly CTF, DFIR Madness CTF, Log Files, Windows, Malware Analysis, PDF Analysis, Walking the VAD tree, OpenCTI, What is CTI/OpenCTI?, Setting ...

Monica Harris at Cellebrite

Key Takeaways and Highlights from Legalweek 2023 (April 4, 2023, Monica Harris). Legalweek 2023 was a resounding success, and one of the key takeaways from the conference was the growing importance of mobile data in eDiscovery. Over the past year, the legal industry has been grappling with the question of including mobile data in their cases and investigations. However, the conversations at Legalweek 2023 shifted from “what” to “how,” indicating that the industry has reached a tipping point ...

Chris at AskClees

Importing NSRL V3 hashsets into legacy tools (askclees1711, April 5, 2023; tags: C, SQLite). TL;DR: NSRLConvert can change the new SQLite NSRL hashsets into a plain list of MD5 hashes. The program is available here and can be used with the following syntax: NSRLConvert.exe {databasename} {outputfile}. Example: NSRLConvert.exe RDS_2022.12.1_modern_minimal.db MD5.txt. In Detail: This last example will convert the Modern Minimal database to a list of MD5 hashes, 1 hash...
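The same conversion done by hand in Python, as an added example (not NSRLConvert's code and not part of the original post). It assumes the v3 RDS layout in which a FILE table carries sha256, sha1, md5, crc32, file_name, file_size and package_id columns; the sample database it builds is constructed for the example, not real NSRL rows. It adds two things a legacy flat list needs that the excerpt leaves implicit: duplicate hashes (the same file shipped in several packages) collapse to one line, and case is normalised.

```python
"""Dump the MD5 column of an NSRL v3 (SQLite RDS) hashset to a flat text list,
one hash per line, for tools that only ingest the legacy format.

Schema assumption: FILE(sha256, sha1, md5, crc32, file_name, file_size, package_id).
"""
import os
import sqlite3
import tempfile


def build_sample_rds(path):
    """Create a tiny RDS-shaped SQLite file (constructed data, not real NSRL rows)."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE FILE (
            sha256 TEXT, sha1 TEXT, md5 TEXT, crc32 TEXT,
            file_name TEXT, file_size INTEGER, package_id INTEGER
        );
    """)
    rows = [
        # Same binary shipped in two packages: the duplicate md5 must collapse to one line.
        ("a" * 64, "b" * 40, "d41d8cd98f00b204e9800998ecf8427e", "00000000", "empty.txt", 0, 1),
        ("a" * 64, "b" * 40, "d41d8cd98f00b204e9800998ecf8427e", "00000000", "empty.txt", 0, 2),
        ("c" * 64, "d" * 40, "9e107d9d372bb6826bd81d3542a419d6", "414fa339", "fox.txt", 43, 1),
        # Mixed case in the source; output is normalised to upper case.
        ("e" * 64, "f" * 40, "E4D909C290D0FB1CA068FFADDF22CBD0", "12345678", "dog.txt", 44, 3),
    ]
    con.executemany("INSERT INTO FILE VALUES (?,?,?,?,?,?,?)", rows)
    con.commit()
    con.close()


def export_md5_list(db_path, out_path):
    """Write DISTINCT, upper-cased MD5s, sorted, one per line. Returns the count written."""
    con = sqlite3.connect(db_path)
    try:
        cur = con.execute(
            "SELECT DISTINCT upper(md5) FROM FILE WHERE md5 IS NOT NULL ORDER BY 1"
        )
        count = 0
        with open(out_path, "w", newline="\n") as fh:
            for (md5,) in cur:
                # Skip malformed rows rather than poison a known-good whitelist.
                if len(md5) != 32 or any(ch not in "0123456789ABCDEF" for ch in md5):
                    continue
                fh.write(md5 + "\n")
                count += 1
        return count
    finally:
        con.close()


def demo():
    """Build the sample database, convert it, and return (count, lines written)."""
    tmp = tempfile.mkdtemp()
    db = os.path.join(tmp, "RDS_sample.db")
    out = os.path.join(tmp, "MD5.txt")
    build_sample_rds(db)
    n = export_md5_list(db, out)
    with open(out) as fh:
        return n, fh.read().splitlines()


if __name__ == "__main__":
    n, lines = demo()
    print(n, "hashes")
    print("\n".join(lines))
```

On a full "modern" RDS the FILE table runs to hundreds of millions of rows, so the DISTINCT plus ORDER BY forces SQLite to build a temporary b-tree; if the consuming tool sorts on import anyway, drop the ORDER BY and let it stream.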

Derek Eiri

Getting SMART(er) with Information (Derek Eiri; data recovery, digital forensics; 2023-04-03). In a blog post I wrote about write blockers, I left this question for myself to return to: SMART Attributes: After creating a forensic image of the drive, I may be able to check the SMART attributes of the NVMe SSD with a Linux OS via smartmontools. Will this work? What changes will be made? I don’t know, but that’s an experiment for another day. I appreciate how Tetra Defense and Arman Gungor off...

Elcomsoft

Recent posts: HomePod Forensics III: Analyzing the Keychain and File System; Obtaining Serial Number, MAC, MEID and IMEI of a locked iPhone; Understanding Partial File System Extraction: What Data Can and Cannot be Accessed on iOS 15.6-16.1.2 Devices; Perfect Acquisition Part 2: iOS Background; HomePod Forensics II: checkm8 and Data Extraction; Sideloading the Extraction Agent using a Firewall; HomePod Forensics I: Pwning the HomePod; Right Method, Wrong Order; Password Recovery and Data Decryption: Getting Around and About; ...

Forensafe

(07/04/2023, Friday) Digital forensics investigations on Android phones often involve analyzing various types of data stored on the device. One crucial piece of information that can be obtained from an Android system during a forensic investigation is Wi-Fi data. Android devices store a wide range of Wi-Fi-related information, including SSIDs, connection dates and times, and saved passwords. Digital Forensics Value of Wi-Fi Information: Android devices store information about Wi-Fi access points tha...
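An added example of pulling those saved-network details out of the store Android keeps them in; it is not code from the Forensafe article or their tool. It assumes the source is the WifiConfigStore.xml that Android 8 and later keeps under /data/misc/wifi/ (older releases used wpa_supplicant.conf), that the file follows the constructed sample embedded below, and that AllowedKeyMgmt is a Java BitSet serialised little-endian with bit indices taken from WifiConfiguration.KeyMgmt; all three are assumptions of this example, not statements from the excerpt.

```python
"""Parse saved Wi-Fi networks (SSID, passphrase, key management, hidden flag,
creation time) out of an Android WifiConfigStore.xml.

Assumptions: element layout as in the constructed sample; AllowedKeyMgmt is a
Java BitSet written little-endian; CreationTime is "time=MM-dd HH:mm:ss.SSS".
"""
import xml.etree.ElementTree as ET

# Constructed sample patterned after WifiConfigStore.xml (not real device data).
SAMPLE_XML = """<?xml version='1.0' encoding='UTF-8' standalone='yes' ?>
<WifiConfigStoreData>
<int name="Version" value="3" />
<NetworkList>
<Network>
<WifiConfiguration>
<string name="ConfigKey">&quot;HomeNet&quot;WPA_PSK</string>
<string name="SSID">&quot;HomeNet&quot;</string>
<null name="BSSID" />
<string name="PreSharedKey">&quot;hunter2hunter2&quot;</string>
<null name="WEPKeys" />
<boolean name="HiddenSSID" value="false" />
<byte-array name="AllowedKeyMgmt" num="1">02</byte-array>
<string name="CreationTime">time=04-01 09:15:32.117</string>
</WifiConfiguration>
</Network>
<Network>
<WifiConfiguration>
<string name="ConfigKey">&quot;CafeFree&quot;NONE</string>
<string name="SSID">&quot;CafeFree&quot;</string>
<null name="PreSharedKey" />
<boolean name="HiddenSSID" value="true" />
<byte-array name="AllowedKeyMgmt" num="1">01</byte-array>
<string name="CreationTime">time=03-28 18:02:10.004</string>
</WifiConfiguration>
</Network>
<Network>
<WifiConfiguration>
<string name="ConfigKey">&quot;Office6&quot;SAE</string>
<string name="SSID">&quot;Office6&quot;</string>
<string name="PreSharedKey">&quot;wpa3-passphrase&quot;</string>
<boolean name="HiddenSSID" value="false" />
<byte-array name="AllowedKeyMgmt" num="2">0001</byte-array>
</WifiConfiguration>
</Network>
</NetworkList>
</WifiConfigStoreData>
"""

# Bit index -> name, assumed from android.net.wifi.WifiConfiguration.KeyMgmt.
KEY_MGMT = {0: "NONE", 1: "WPA_PSK", 2: "WPA_EAP", 3: "IEEE8021X", 4: "WPA2_PSK",
            5: "OSEN", 6: "FT_PSK", 7: "FT_EAP", 8: "SAE", 9: "OWE", 10: "SUITE_B_192"}


def decode_bitset(hexstr):
    """Java BitSet.toByteArray() is little-endian: bit i of byte j is index j*8+i."""
    data = bytes.fromhex(hexstr.strip())
    return [j * 8 + i for j, b in enumerate(data) for i in range(8) if (b >> i) & 1]


def _field(cfg, tag, name):
    """Return the child <tag name="name"> of a WifiConfiguration, or None."""
    return cfg.find(f"{tag}[@name='{name}']")


def _unquote(s):
    """Android stores SSID/PSK wrapped in literal double quotes; strip them."""
    return s[1:-1] if s and len(s) >= 2 and s[0] == s[-1] == '"' else s


def parse_wifi_config_store(xml_text):
    """Return one dict per saved network."""
    root = ET.fromstring(xml_text)
    nets = []
    for cfg in root.iter("WifiConfiguration"):
        ssid = _field(cfg, "string", "SSID")
        psk = _field(cfg, "string", "PreSharedKey")   # <null .../> means no PSK
        hidden = _field(cfg, "boolean", "HiddenSSID")
        km = _field(cfg, "byte-array", "AllowedKeyMgmt")
        created = _field(cfg, "string", "CreationTime")
        bits = decode_bitset(km.text) if km is not None and km.text else []
        ctime = None
        if created is not None and created.text:
            ctime = created.text[5:] if created.text.startswith("time=") else created.text
        nets.append({
            "ssid": _unquote(ssid.text) if ssid is not None else None,
            "psk": _unquote(psk.text) if psk is not None and psk.text else None,
            "hidden": hidden is not None and hidden.get("value") == "true",
            "key_mgmt": [KEY_MGMT.get(b, f"bit{b}") for b in bits],
            "created": ctime,
        })
    return nets


if __name__ == "__main__":
    for net in parse_wifi_config_store(SAMPLE_XML):
        print(net)
```

The CreationTime string carries no year and records when the profile was saved on the device clock, not when the network was last joined, so treat it as a hint to correlate with other timestamps rather than as a connection time on its own.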

Ian D

Within Windows 11, the Microsoft Windows Notification centre is accessible by clicking on the date and time in the taskbar. Occasionally, notifications will pop up and sometimes this includes a photo ‘memory’. The photo will be stored on a user’s OneDrive account and information about the photo is stored in the Windows Registry, briefly. [Image: Windows Notification — “Look back at your memories”] Not long after a ‘memory’ pops up, you may notice the ‘memory’ photo is stored here: C:\Users\username\AppData...

Joshua Hickman at ‘The Binary Hick’

Wipeout! Part Deux – Determining How an Android Was Setup (Binary Hick, 2023-04-02, 10 minute read). I hope everyone has had a great first quarter of 2023. For me, it has been a busy one with settling into a new role at a new employer. As things continue to settle I hope to get back into a blogging routine as time allows. I was recently presented with a questio...

MII Cyber Security

Live Forensicator — PowerShell | Bash Script To Aid Incidence Response And Live Forensics. What Is Digital Forensic? Digital forensics refers to the process of investigating and analyzing electronic devices, such as computers, smartphones, and other digital media, to uncover evidence that may be used in legal proceedings. Digital forensic experts use specialized tools and techniques to collect, preserve, and analyze digital data from these devices. This process helps to identify and investigate var...

Nowadays, we are provided many tools to parse a variety of logs to conduct threat hunts, forensic investigations, or just browse around the environment. There’s Autopsy, OSForensics, Splunk, and many more tools to ease our job. However, there are times when such tools are not available during an investigation. In lieu of those tools, Python or a Jupyter Notebook may be utilized to parse the logs. Jupyter Notebook: In order to parse these logs, we have to understand how they are written and the pattern of ...
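An added example of the approach the excerpt describes (study the line pattern, then parse it with plain Python), not code from the MII article; it uses the standard library only so it runs in a notebook or a bare interpreter. The log lines are constructed here in syslog/auth.log format and are not from any real host; which log a real case needs is the investigator's call. It goes one step past parsing and runs a simple hunt over the parsed records: an IP that accumulates several failed SSH logins and then gets an Accepted event.

```python
"""Parse sshd authentication lines out of an auth.log-style file and flag
brute-force attempts that ended in a successful login.

Input format assumed: classic syslog prefix "Mon dd HH:MM:SS host proc[pid]: msg".
"""
import re
from collections import defaultdict

# Constructed sample (not real data). The last line is deliberately not syslog-shaped.
SAMPLE_AUTH_LOG = """
Apr  3 10:15:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Apr  3 10:15:03 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 51123 ssh2
Apr  3 10:15:09 host1 sshd[1204]: Accepted publickey for deploy from 198.51.100.7 port 40010 ssh2: ED25519 SHA256:abc
Apr  3 10:16:20 host1 sshd[1210]: Failed password for root from 203.0.113.5 port 51130 ssh2
Apr  3 10:17:45 host1 sshd[1215]: Accepted password for root from 203.0.113.5 port 51140 ssh2
Apr  3 10:18:00 host1 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
-- log rotated --
"""

# Syslog envelope: timestamp, host, process name, optional [pid], message.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sshd authentication outcome inside the message.
SSHD_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return (records, unparsed_count). Each record is a dict of named fields."""
    records, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1          # count rather than silently drop: gaps matter in a case
            continue
        rec = m.groupdict()
        if rec["proc"] == "sshd":
            s = SSHD_RE.match(rec["msg"])
            if s:
                rec.update(s.groupdict())
                rec["invalid_user"] = "invalid user" in rec["msg"]
        records.append(rec)
    return records, unparsed


def find_brute_force_success(records, threshold=3):
    """Flag an Accepted login from an IP that already had >= threshold failures."""
    failures = defaultdict(int)
    hits = []
    for r in records:
        if r.get("proc") != "sshd" or "result" not in r:
            continue
        if r["result"] == "Failed":
            failures[r["ip"]] += 1
        elif r["result"] == "Accepted" and failures[r["ip"]] >= threshold:
            hits.append({"ts": r["ts"], "ip": r["ip"], "user": r["user"],
                         "failures_before": failures[r["ip"]]})
    return hits


if __name__ == "__main__":
    recs, bad = parse_auth_log(SAMPLE_AUTH_LOG)
    print(f"{len(recs)} records parsed, {bad} unparsed")
    for hit in find_brute_force_success(recs):
        print("possible brute-force success:", hit)
```

Keeping the unparsed count is the part worth copying: a regex that quietly skips lines it does not understand hides exactly the events an attacker's unusual tooling produces.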

The DFIR Report

Avigayil Mechtinger at Wiz

Learn what tools and data sources you need to use in cloud forensics investigation and how they come into practice in a real-life example. (Avigayil Mechtinger, April 6, 2023, 10 min read.) Contents: Forensics guidelines; Traditional forensics vs. cloud forensics; Preparing your environment: sources and tools cheat sheet; Cloud provider audit logs; Network flow logs (VPC); Container orchestration audit logs; Workload snapshot; Workload runtime events; Real-life example; Forensics investigation process; Fo...