Analysis Memo

A place where I jot down malware analyses I have tried and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 29 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth reading can be skimmed quickly. Some articles are summarized with Google Bard. The 4n6 issue itself can be found here.

FORENSIC ANALYSIS

Andrew Skatoff at ‘DFIR TNT

RMM – ScreenConnect: Client-Side Evidence (Andrew Skatoff; Forensics, Log Analysis, RMM; July 14, 2023)

Inspired by recent threat intelligence, I am starting a series on Remote Monitoring and Management (RMM) tools. I wanted to start with some testing on ScreenConnect to support investigators who may have a victim device where a user has been tricked into giving control over to an attacker. We want to be able to answer questions like these: What can we find out about what happened? Was mal...

Cado Security

Cyber Triage

Decrypting a Defense

Mobile Surveillance, Body-worn Camera Audit Logs, Facial Rec. Source Code, & Threads Data (digitalforensicslas.substack.com, Vol. 4, Issue 7; The Digital Forensics Unit, Jul 10, 2023)

July 10, 2023. Welcome to Decrypting a Defense, the monthly newsletter of the Legal Ai...

Oleg Afonin at Elcomsoft

July 10th, 2023 by Oleg Afonin. Category: «Elcomsoft News», «Mobile»

When it comes to iOS data acquisition, Elcomsoft iOS Forensic Toolkit stands head and shoulders above the competition. With its cutting-edge features and unmatched capabilities, the Toolkit has become the go-to software for forensic investigations on iOS devices. The recent update expanded the capabilities of the tool’s low-level extraction agent, adding keychain decryption support on Apple’s newest devices running iOS 16.0 throu...

July 14th, 2023 by Oleg Afonin. Category: «General»

In the world of digital investigations, the sheer volume of data and the challenge of identifying valuable evidence can be overwhelming. Often, investigators find themselves faced with the need for optimization — the ability to quickly and seamlessly identify what is valuable and requires further examination. We aim to fulfill this need by introducing a new forensic toolkit in Elcomsoft System Recovery, a powerful bootable tool designed to speed ...

Forensafe

14/07/2023 (Friday)

The Android Telegram app, developed by Telegram Messenger LLP, is a free messaging application known for its user-friendly interface and strong focus on security. With features such as text messaging, voice and video calls, media sharing, and group chats, Telegram offers a comprehensive messaging experience. It employs end-to-end encryption for message privacy and allows users to set self-destruct timers for added security. The app also provides cloud-based storage for seamless a...

Raj Upadhyay

Artifacts || PsExec Execution (Raj Upadhyay, 4 min read)

Today we will see what artifacts we can discover when a Threat Actor uses PsExec in the post-exploitation stage in a network. We have one Domain Controller (Server 2019) and two Windows 10 machines. We will assume that one of the "Domain Admin account" credentials is leaked and the Threat Actor got access to the network by utilizing those credentials, and the TA is doing different activities on the network. (We will play the TA role and the Investigator ...
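As an added example (not code from Raj Upadhyay's post), the following Python triages an EVTX-to-JSON style export for the artifacts a default PsExec run leaves on the target: the System Event ID 7045 service-install record for PSEXESVC, the Sysmon Event ID 17/18 named-pipe events (\PSEXESVC and the per-session \PSEXESVC-<host>-<pid>-stdin/stdout/stderr pipes), and the Security Event ID 4624 network logon (LogonType 3) that precedes the install. The record layout, the host names and the sample records are assumptions constructed for this example.

```python
"""Flag PsExec remote-execution artifacts in a list of Windows event records.

Assumption (not from the article): each record is a dict with the fields an
EVTX-to-JSON export usually carries: Channel, EventID, TimeCreated (UTC,
ISO 8601), Computer and a flat EventData dict. The sample records at the
bottom are constructed for this example.
"""
from __future__ import annotations

import re
from datetime import datetime, timedelta

# Service name PsExec installs by default; `psexec -r <name>` renames it.
DEFAULT_SERVICE = "PSEXESVC"
# Control pipe \PSEXESVC plus per-session \PSEXESVC-<source host>-<pid>-std{in,out,err}
PIPE_RE = re.compile(r"^\\PSEXESVC(-[^\\]+-\d+-(stdin|stdout|stderr))?$", re.IGNORECASE)
SYSMON = "Microsoft-Windows-Sysmon/Operational"


def _ts(rec: dict) -> datetime:
    return datetime.fromisoformat(rec["TimeCreated"].replace("Z", "+00:00"))


def is_psexec_service_install(rec: dict) -> bool:
    """System 7045: a service installed under PsExec's name or image path."""
    if rec["Channel"] != "System" or rec["EventID"] != 7045:
        return False
    data = rec["EventData"]
    name = data.get("ServiceName", "")
    image = data.get("ImagePath", "")
    return name.upper() == DEFAULT_SERVICE or image.upper().endswith("PSEXESVC.EXE")


def is_psexec_pipe(rec: dict) -> bool:
    """Sysmon 17 (pipe created) / 18 (pipe connected) for a PsExec pipe."""
    if rec["Channel"] != SYSMON or rec["EventID"] not in (17, 18):
        return False
    return PIPE_RE.match(rec["EventData"].get("PipeName", "")) is not None


def find_psexec_sessions(records: list[dict], window: timedelta = timedelta(minutes=2)) -> list[dict]:
    """One finding per PsExec service install on a host, enriched with the
    network logons (Security 4624, LogonType 3) and PsExec pipe events seen
    on the same host within `window` of the install."""
    findings = []
    for inst in (r for r in records if is_psexec_service_install(r)):
        t0, host = _ts(inst), inst["Computer"]
        nearby = [r for r in records if r["Computer"] == host and abs(_ts(r) - t0) <= window]
        logons = [r for r in nearby if r["Channel"] == "Security" and r["EventID"] == 4624
                  and r["EventData"].get("LogonType") == "3"]
        pipes = [r for r in nearby if is_psexec_pipe(r)]
        findings.append({
            "target": host,
            "installed_at": inst["TimeCreated"],
            "service_name": inst["EventData"].get("ServiceName"),
            "image_path": inst["EventData"].get("ImagePath"),
            "logon_accounts": sorted({f"{l['EventData'].get('TargetDomainName')}\\{l['EventData'].get('TargetUserName')}"
                                      for l in logons}),
            "source_ips": sorted({l["EventData"].get("IpAddress", "") for l in logons}),
            "pipe_names": sorted({p["EventData"]["PipeName"] for p in pipes}),
        })
    return findings


# Constructed sample: a leaked domain admin account used from WS01 to run
# psexec against WS02, plus an unrelated service install on DC01.
SAMPLE = [
    {"Channel": "Security", "EventID": 4624, "TimeCreated": "2023-07-14T10:00:01Z", "Computer": "WS02.lab.local",
     "EventData": {"LogonType": "3", "TargetUserName": "da_admin", "TargetDomainName": "LAB", "IpAddress": "10.0.0.11"}},
    {"Channel": "System", "EventID": 7045, "TimeCreated": "2023-07-14T10:00:02Z", "Computer": "WS02.lab.local",
     "EventData": {"ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe", "AccountName": "LocalSystem"}},
    {"Channel": SYSMON, "EventID": 17, "TimeCreated": "2023-07-14T10:00:02Z", "Computer": "WS02.lab.local",
     "EventData": {"PipeName": "\\PSEXESVC", "Image": "C:\\Windows\\PSEXESVC.exe"}},
    {"Channel": SYSMON, "EventID": 18, "TimeCreated": "2023-07-14T10:00:03Z", "Computer": "WS02.lab.local",
     "EventData": {"PipeName": "\\PSEXESVC-WS01-4212-stdin", "Image": "C:\\Windows\\PSEXESVC.exe"}},
    {"Channel": "System", "EventID": 7045, "TimeCreated": "2023-07-14T10:05:00Z", "Computer": "DC01.lab.local",
     "EventData": {"ServiceName": "Sense", "ImagePath": "C:\\Program Files\\Windows Defender Advanced Threat Protection\\MsSense.exe"}},
]

if __name__ == "__main__":
    for finding in find_psexec_sessions(SAMPLE):
        print(finding)
```

These checks key on the default name. `psexec -r <name>` renames the service, the copied binary and the pipes, so a renamed run would need looser matching (for example any 7045 whose image sits directly under %SystemRoot% and runs as LocalSystem, correlated with a Security 5140 access to ADMIN$ from the same source).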