Analysis Notes

A place to jot down notes from trying malware analysis and anything that seemed useful for analysis.

4n6 Week 19 – 2023 - FORENSIC ANALYSIS

This entry was auto-generated and posted to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. This Week in 4n6 itself can be found here.

FORENSIC ANALYSIS

Chris Doman at Cado Security

Darren Lim

Decrypting a Defense

digitalforensicslas.substack.com: AI & Photography, NYC Council Hearing, Geofence Warrants, Search Warrant Returns, & More (Vol. 4, Issue 5). The Digital Forensics Unit, May 1, 2023. Welcome to Decrypting a Defense, the monthly newsletter of the Legal Aid S...

Michael Hamm at Digital Corpora

2023-05-05, Michael Hamm. CIRCL Forensics Exercises are little challenges developed for and during the CIRCL Forensics Trainings, and for workshops or presentations. Usually you will find a PDF with the slides and the solution inline, next to a disk image with the challenge itself. Wiped Disk Image: //downloads.digitalcorpora.org/corpora/drives/circl-2023-wiped/ Recovering data from a wiped disk sounds impossible. But wiping a ‘big’ disk would take time. If th...

Haider at HK_Dig4nsics

Overview One of the capabilities found in iOS devices is the Shortcuts application. This native application can be used to create shortcuts for different types of functionalities in the system. This article examines the homescreen of an iOS device after a shortcut to open a URL was created using the Shortcut application. The article also addresses artifacts indicating that a shortcut was used to accomplish a particular task in the system. The test shortcut created for this article opens a webpag...

InfoSec Write-ups

Hey Everyone, a few days ago I completed the BlackEnergy CTF challenge on CyberDefenders. It is not a hard one, but not too easy either. So let’s jump into the basics of memory forensics. Site: cyberdefenders.org. Category: Memory Forensics. Tools: volatility 2, volatility 3. First of all, I find the exact operating system profile for further analysis. Q1) Which volatility profile would be best for this machine? ANS: We already found the answer in the previous step. Q2) How many processes were running whe...

Invictus Incident Response

Emerging Tactics and Trends. Introduction: Over the past months, we have provided support to multiple organizations that have fallen victim to Business Email Compromise (BEC) attacks. In this blog we would like to shar...

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, May 02, 2023. Gboard has been around since 2016 but I only recently realized some of the capabilities the Clipboard piece of it has. Yogesh Khatri wrote an excellent post a few years back on the typing aspects of Gboard artifacts but nothing regarding the clipboard itself (I'm not sure if this feature was implemented after his blog). The user has the choice to enable it with a little toggle switch in the settings (as seen in th...

Melanie Ninovic at ParaFlare

INETCACHE: EXPLOITING FROM WITHIN. Published by Melanie Ninovic, Principal Consultant - Digital Forensics & Incident Response (DFIR), 28 April 2023, 7 min read. Last year, ParaFlare’s Managed Detection and Response (MDR) team received an alert that caused some concern, especially at 2.3...

Pieces0310

Revisiting the Usage Traces of USB Storage Devices. Posted on 2023-05-04 21:36 by Pieces0310. Recently a reader who had read my earlier article, “How to Inspect the Usage Records of USB Storage Devices” (//www.cnblogs.com/pieces0310/p/15943567.html), still wanted to know in more detail how to actually go about it, so I will explain it once more. First, regarding the question you raised: the operating system’s mechanisms were never designed to leave records of user actions; to put it bluntly, their main consideration is optimizing the system and improving the user experience. Therefore, regarding USB storage devices...

Plainbit

김서준 and other authors, May 4, 2023, 12 min read. 1. Overview. The previous post, “Sysmon Usage Guide: Event Configuration Items”, covered the fields of the events that Sysmon records. This post looks at the structure of the Sysmon Configure File and how to write one. If Sysmon is installed with its default settings, some events are not recorded; if every setting is enabled, so many events are recorded that the ones you actually need can be missed. A Configure File should therefore be written to match the purpose of the system. The XML-format Configure File is highly flexible: logical operators (AND, OR) can be applied to the fields defined for each event type, giving many filtering options. It is applied by specifying the Configure File after the -i or -c option. 1) Applying a Configure File when installing Sysmon: sysmon.exe -i <Configure File> 2) Sysm...