Analysis Notes

A place for notes from trying out malware analysis and for anything that looked useful for analysis. This site uses Google Analytics.

4n6 Week 22 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

David Spreadborough at Amped

David Spreadborough | May 23, 2023. Welcome back to our continuing blog series on CCTV acquisition. In this post, we will concentrate on closed-box CCTV acquisition using network access. We have covered many aspects so far. In the last post, we learned that a closed-box acquisition does not require a screwdriver, in that we won’t be opening up any devices! We also detailed the most common acquisition method, the use of a temporary storage device. Contents: 1 Setting up a Network; 2 Searching for CCTV...

Cado Security

Cyber Triage

Data Forensics

DD File Forensics and Analysis Using an Automated Software. Jaspreet Singh | Modified: May 25, 2023 | Email Forensics | 4 Minutes Reading. DD File Forensics involves analysis of DD file or Disk Dump file which is used to create exact copies of the data present in a disk or a storage device which can be used for various purposes. This article expands upon a specific purpose that the file is used for, DD Image File Forensics, more specifically, forensics of email data present on the file for which a u...

E01 Forensic Analysis Using an Expert Solution. Jaspreet Singh | Modified: May 26, 2023 | Email Forensics | 5 Minutes Reading. This article explores all the aspects of E01 Forensic Image files, their uses, their application etc. in modern digital forensics. This article also talks about a professional tool that enables you to specifically analyze email data and carry out E01 Forensics. E01 Forensics Image – Format and Uses. E01 files or Encase image file...

Gmail Email Forensic Analysis Using a Tried & Tested Solution. Jaspreet Singh | Modified: May 26, 2023 | Email Forensics | 4 Minutes Reading. Gmail Forensics as a field is a very niche and purpose-oriented area of digital forensics which deals with the forensic analysis of the data in a Gmail account. Millions of people all over the world use Gmail as their email clients making it one of the most popular email services. Such a large user base has a significant drawback, spam, and online fraud, which...

Email Forensics Analysis and Best Ways That Experts Use. Aksh Nayak | Modified: May 26, 2023 | Email Forensics | 7 Minutes Reading. Email Forensics has grown to be a large and ever-evolving field with the rising popularity of Email as a medium of communication. Email is now used in offices, homes, and in schools as well. This exposes the customers to being victims of spam and online fraud. Therefore, the need for forensics in t...

Eric Capuano

VMware Memory Analysis with MemProcFS. A lab guide for analyzing an infected memory image of a running VMware system with MemProcFS. Eric Capuano | May 27, 2023. Let’s get hands-on with one of my favorite memory analysis tools, MemProcFS by Ulf Frisk. I highly recommend watching this video demo by Ulf Frisk which outlines a lot of what we’re about t...

Forensafe

Workspaces in ArtiFast. 26/05/2023 Friday. Digital forensics analysis can be a complex and time-consuming process. Investigators need to efficiently analyze large amounts of data from a variety of sources. ArtiFast is a powerful digital forensics tool that simplifies the process by allowing users to customize their workspaces for their specific needs. In this blog post, we'll explore how workspaces in ArtiFast can be tailored to suit different digital forensics scenarios, and how investigators can...

Joshua Hickman at ‘The Binary Hick’

iOS 15 Image Now Available. Finally. Binary Hick | Apple, iOS, Mobile | 2023-05-24 | 1 Minute. Better late than never, I suppose. It’s been a long time coming, but I am happy to announce an iOS 15 public image with documentation is now available for download. I was waiting for a publicly available jailbreak to create this image, and while I know palera1n is available, I opted to just use tools I had at my disposal to extract the data. This image is slightly different than previous iOS image...

Mailxaminer

Is Message-ID Helpful for Forensic Email Analysis? MailXaminer | Modified: 27-05-2023 | Forensics | 6 Minutes Reading. Email headers play a crucial role in the forensics investigation process. Out of other components of the email header, ‘Message ID’ (commonly referred to as an identifier) is one of the important fields, helpful in finding a particular email log entry within a log file of an email server. In fact, through Message ID Forensics, investigators can carve out the necessary evidence fr...
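As an added illustration of the point the excerpt makes (this is not code from the MailXaminer article or from any of the products mentioned above), the following Python example pulls the Message-ID out of a raw message, checks that it has the expected `<left-part@domain>` shape, uses it to locate the server log entries for that message, and compares the Message-ID domain with the sender domain. The message and the Postfix-style log lines are constructed for this example; the queue ID `4F2A1C0B3D`, the hosts and the addresses are invented.

```python
"""Added example: correlate a message's Message-ID with mail server log entries.
The message and log lines below are constructed sample data, not real mail."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (RFC 5322 style, tab-folded Received header).
SAMPLE_EML = """\
Received: from mail.example.net (mail.example.net [203.0.113.5])
\tby mx.example.org (Postfix) with ESMTPS id 4F2A1C0B3D
\tfor <alice@example.org>; Sat, 27 May 2023 09:15:02 +0000 (UTC)
From: Bob <bob@example.net>
To: Alice <alice@example.org>
Subject: Invoice
Date: Sat, 27 May 2023 09:14:58 +0000
Message-ID: <20230527091458.1a2b3c@mail.example.net>

Please find the invoice attached.
"""

# Constructed Postfix-style log lines. Postfix logs the Message-ID once (cleanup)
# and tags every other line for the same message with the queue ID, so the
# Message-ID is the pivot from the message to its full delivery trail.
SAMPLE_LOG = """\
May 27 09:15:02 mx postfix/smtpd[2211]: 4F2A1C0B3D: client=mail.example.net[203.0.113.5]
May 27 09:15:02 mx postfix/cleanup[2215]: 4F2A1C0B3D: message-id=<20230527091458.1a2b3c@mail.example.net>
May 27 09:15:02 mx postfix/qmgr[1010]: 4F2A1C0B3D: from=<bob@example.net>, size=1201, nrcpt=1 (queue active)
May 27 09:15:03 mx postfix/local[2218]: 4F2A1C0B3D: to=<alice@example.org>, relay=local, status=sent (delivered to maildir)
May 27 09:16:44 mx postfix/cleanup[2215]: 7C90D1E2F4: message-id=<other@elsewhere.example>
"""

# A well-formed Message-ID is "<" id-left "@" id-right ">" with no whitespace.
MSGID_RE = re.compile(r"^<([^@<>\s]+)@([^@<>\s]+)>$")


def extract_message_id(raw):
    """Return the Message-ID header value (angle brackets included), '' if absent."""
    return message_from_string(raw).get("Message-ID", "").strip()


def message_id_parts(mid):
    """Split a Message-ID into (id_left, domain); None if it is not well formed."""
    m = MSGID_RE.match(mid)
    return (m.group(1), m.group(2)) if m else None


def find_log_entries(log_text, mid):
    """Find the queue ID logged with this Message-ID, then every line for that queue ID."""
    lines = log_text.splitlines()
    queue_ids = set()
    for line in lines:
        if f"message-id={mid}" in line:
            m = re.search(r": ([0-9A-F]+): message-id=", line)
            if m:
                queue_ids.add(m.group(1))
    return [l for l in lines if any(f": {q}: " in l for q in queue_ids)]


def sender_domain_matches(raw):
    """True if the Message-ID domain is the From domain or a host under it.
    A mismatch is not proof of anything, but it is a header worth a second look."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parts = message_id_parts(extract_message_id(raw))
    if not parts or not from_domain:
        return False
    mid_domain = parts[1].lower()
    return mid_domain == from_domain or mid_domain.endswith("." + from_domain)


if __name__ == "__main__":
    mid = extract_message_id(SAMPLE_EML)
    print("Message-ID:", mid, message_id_parts(mid))
    print("Sender domain consistent:", sender_domain_matches(SAMPLE_EML))
    for entry in find_log_entries(SAMPLE_LOG, mid):
        print(entry)
```

On a real server the log would be read from the mail log file and the message from the mailbox or an export; the pivot is the same: Message-ID to queue ID, queue ID to every line of the delivery trail.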

Amber Schroader at Paraben Corporation

Written by Amber Schroader. Android, developed by Google, is one of the most popular mobile operating systems worldwide, powering millions of devices. What you might not realize is that there are different tiers of Android OS that are available for millions of devices. We will explore the three primary Android OS types: Oxygen, Go, and Standard. Understanding these variants will help you watch for any changes in your acquisition processes and data specific to each device type. Oxygen OS: Oxygen O...

Chad Tilbury at SANS

Finding Evil WMI Event Consumers with Disk Forensics. Chad Tilbury | May 22, 2023. This blog covers disk-based artifacts and tools available for use during deeper forensic investigations. WMI abuse remains an easy and stealthy component of many modern attacks targeting Microsoft Windows. WMI can facilitate every aspect of the post-exploit kill chain using built-in tools with the added bonus (from the attacker’s perspective) of minimal available l...
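To make the "event consumer on disk" idea concrete, here is an added Python example (not code from Chad Tilbury's post or from SANS). A WMI persistence takes three objects: an `__EventFilter` (a WQL query that fires), a consumer (`CommandLineEventConsumer` or `ActiveScriptEventConsumer` when the goal is execution), and a `__FilterToConsumerBinding` tying them together. The triage below carves those three object types out of a repository fragment by their class names, joins them through the binding, and reports only the bindings whose consumer actually executes something. The blob is constructed for this example and only mimics null-separated ASCII strings sitting next to their class names; the layout of a real `OBJECTS.DATA` is a binary store and that adjacency is an assumption of this demo, as are the names `BotFilter`, `BotConsumer` and the command line they carry.

```python
"""Added example: string-carving triage of WMI filter/consumer/binding objects.
SAMPLE_BLOB is constructed; it is not a real WMI repository."""
import re

# Consumer classes that run attacker-supplied content. The other standard
# consumers (NTEventLogEventConsumer, SMTPEventConsumer, LogFileEventConsumer)
# only record an event, so they are not flagged by this triage.
EXEC_CONSUMER_CLASSES = ("CommandLineEventConsumer", "ActiveScriptEventConsumer")

# Constructed fragment. ASSUMPTION: name and property strings are null-terminated
# ASCII following their class name; "SCM Event Log" is the filter/consumer pair
# Windows ships by default, included here so the triage has a benign case to skip.
SAMPLE_BLOB = (
    b"\x00\x00__EventFilter\x00\x00ROOT\\cimv2\x00\x00SCM Event Log Filter\x00\x00"
    b"select * from MSFT_SCMEventLogEvent\x00\x00"
    b"NTEventLogEventConsumer\x00\x00SCM Event Log Consumer\x00\x00"
    b'__FilterToConsumerBinding\x00\x00__EventFilter.Name="SCM Event Log Filter"\x00\x00'
    b'NTEventLogEventConsumer.Name="SCM Event Log Consumer"\x00\x00'
    b"__EventFilter\x00\x00ROOT\\cimv2\x00\x00BotFilter\x00\x00"
    b"SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "
    b"'Win32_PerfFormattedData_PerfOS_System'\x00\x00"
    b"CommandLineEventConsumer\x00\x00BotConsumer\x00\x00"
    b"powershell.exe -nop -w hidden -enc SQBFAFgA\x00\x00"
    b'__FilterToConsumerBinding\x00\x00__EventFilter.Name="BotFilter"\x00\x00'
    b'CommandLineEventConsumer.Name="BotConsumer"\x00\x00'
)

# A binding names its filter and its consumer by object path: Class.Name="value".
BINDING_RE = re.compile(
    rb'__FilterToConsumerBinding\x00\x00__EventFilter\.Name="([^"\x00]+)"\x00\x00'
    rb'(\w+)\.Name="([^"\x00]+)"\x00\x00'
)


def find_bindings(blob):
    """Return (filter_name, consumer_class, consumer_name) for every binding found."""
    return [(f.decode(), c.decode(), n.decode()) for f, c, n in BINDING_RE.findall(blob)]


def find_filter_query(blob, filter_name):
    """Return the WQL query stored after an __EventFilter's namespace and name."""
    pat = re.compile(rb"__EventFilter\x00\x00[^\x00]+\x00\x00"
                     + re.escape(filter_name.encode()) + rb"\x00\x00([^\x00]+)\x00\x00")
    m = pat.search(blob)
    return m.group(1).decode(errors="replace") if m else None


def find_consumer_payload(blob, consumer_class, consumer_name):
    """Return the string stored after an executing consumer's name (its command line or script)."""
    pat = re.compile(re.escape(consumer_class.encode()) + rb"\x00\x00"
                     + re.escape(consumer_name.encode()) + rb"\x00\x00([^\x00]+)\x00\x00")
    m = pat.search(blob)
    return m.group(1).decode(errors="replace") if m else None


def triage(blob):
    """Join bindings to their filters and consumers; keep only executing consumers."""
    findings = []
    for filt, cls, name in find_bindings(blob):
        if cls not in EXEC_CONSUMER_CLASSES:
            continue  # logging-only consumer, e.g. the default SCM Event Log pair
        findings.append({
            "filter": filt,
            "query": find_filter_query(blob, filt),
            "consumer_class": cls,
            "consumer": name,
            "payload": find_consumer_payload(blob, cls, name),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_BLOB):
        print(f"{f['filter']!r} -> {f['consumer_class']}/{f['consumer']!r}")
        print("  trigger:", f["query"])
        print("  runs:   ", f["payload"])
```

Starting from the binding rather than from the consumer is the point: a lone `CommandLineEventConsumer` string may be a remnant, but a binding is what makes the consumer fire. Against a real repository the same carve would be run over the file bytes, and the filter query tells you when the payload runs, which is what the timeline needs.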

Dave Melvin at Sumuri

John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Nicola Lawford, and Ron Deibert at The Citizen Lab

Infection Confirmations. The Citizen Lab examined the devices of a number of individuals in Armenia for evidence of spyware infections including Pegasus, as part of an investigative collaboration with Access Now, CyberHUB-AM, Amnesty International’s Security Lab, and independent mobile security researcher Ruben Muradyan. Read the Access Now report on the civil society cases: Hacking in a war zone: Pegasus spyware in the Azerbaijan-Armenia conflict. Our forensic analysis of the following individua...

The DFIR Report