Analysis Notes

A place to jot down notes from malware analysis and anything that seems useful for analysis. This site uses Google Analytics.

4n6 Week 25 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Belkasoft

Introduction: Apple devices are known to collect usage statistics in their system files. This data helps improve user experience, but it may also become a valuable source of information for digital forensics specialists during criminal and civil investigations. One particularly insightful file to examine on Apple devices before iOS 16 and macOS 13 is the knowledgeC.db database. This SQLite file includes records about various activities happening on the device, such as device usage, app usage, web...

Blake Regan

How to Mount an iOS Forensic Image (Blake Regan, Jun 12)

Have you ever wondered how to mount an iOS filesystem image in a forensically sound manner for analysis? Look no further — this blog article has got you covered! In this article we will take a compressed archive of a physical/logical image taken from an iOS 15.3.1 filesystem, convert it to a dmg file, then mount it as a disk image on a system Volume mount point. Pretty cool, right? Right. What You Need for This Pro...

Cloudyforensics

Google Cloud Forensics and Incident Response (Forensic Labs, Jun 13)

Check out the next video in our series on cloud forensics and incident response — this time on Google Cloud (GCP). Security Command Center: Security and risk management platform for Google Cloud. Detect and respond to high-risk threats in your logs with Google Cloud | Google Cloud Blog: Event Threat Detection, a feature in Cloud Security Command Center, lets you detect and respond to high-risk and costly… cloud...

Dr. Neal Krawetz at ‘The Hacker Factor Blog’

Haider at HK_Dig4nsics

Overview: Microsoft released Windows 11 with a new feature, Windows Subsystem for Android (WSA). This feature enabled users to run Android applications in Windows 11 without involving third-party virtualization software. I believe that digital forensic examiners need to understand this feature as it can be used as a new source of digital evidence in Windows 11 systems. This blog post focuses on some of the critical WSA artifacts and how to extract data from the WSA environment. Analysis of the WSA...

Maxime Chouquet at Lexfo

CVE-2023-27997 - Forensics short notice for XORtigate (Tue 13 June 2023, by Maxime Chouquet in Csirt; tags: Fortinet, Fortigate, Overflow, Cve-2023-27997, Xortigate, Forensics)

Context: Following the release of the CVE-2023-27997 on our blog and its section "A few notes for blue teamers", here are some forensics tips and the traces left by a successful execution of an exploit of this CVE. This blog is not intended to represent a real case of a CVE-2023-27997 compromise, it is for information pu...

Md. Abdullah Al Mamun

Email Incident Response (Md. Abdullah Al Mamun, Jun 13)

Email security incidents pose a high risk to businesses & organizations. The risk includes phishing, business email compromise (BEC), unauthorized access, etc. This article describes some unique incident actions for email compromise cases. Find Deleted Email in WordPress: Suppose a WordPress website is hacked and an attacker created some email addresses with the website domain to use for spamming and finally deleted those em...

NCC Group

Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
Defeating Windows DEP With A Custom ROP Chain
Machine Learning 104: Breaking AES With Power Side-Channels
A Brief Review of Bitcoin Locking Scripts and Ordinals
How to Spot and Prevent an Eclipse Attack
Eurocrypt 2023: Death of a KEM
Reverse Engineering Coin Hunt World’s Binary Protocol
Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2...

The DFIR Report