Analysis Notes

A place where I jot down notes from trying my hand at malware analysis, and anything I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 30 – 2023 - FORENSIC ANALYSIS

This entry was automatically generated and posted to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that you can skim through and pick the articles to check. Some articles are summarized using Google Bard. The 4n6 roundup itself can be found here.

FORENSIC ANALYSIS

Amped

David Spreadborough, July 18, 2023. The CCTV Acquisition series continues here with another installment. This post features an acquisition from a cloud-based service provider. In previous posts, we have always started with a device that contains the data required to be preserved as evidence. With full cloud-based storage, the data is on a remote server, owned and managed by a separate entity. There are several different types of cloud-based CCTV. It is vital to recognize what system you may be dea...

Emi Polito, July 19, 2023. With the latest release of Amped FIVE, we brought you an improved Macroblocks filter. The article will focus on the principles of video compression, understanding the filter and how to interpret its results. We will also look at the new “Quantization Parameter Analysis”. Read on to learn more! Contents: 1 Introduction; 2 Compression in a Nutshell; 3 Performing a Macroblock Analysis; 4 Detecting Double Encoding with Macroblock Analysis; 5 The Quantization Parameter Analysis; 6 ...

Belkasoft

Introduction With ever-increasing device storage capacity, digital forensic cases and cyber incident response examinations are receiving more and more files to analyze. This data abundance leads to slowdowns in investigations and growing case backlogs. In this article, we will review hashes and hashset analysis as a means to mitigate the problem of growing volumes in a digital forensic or incident response (DFIR) case. We will use Belkasoft X software to illustrate the hashset analysis approach....

Manuel Winkel at Deyda

Citrix issued an alert yesterday (07/18/2023) about a critical vulnerability (CVE-2023-3519) in all NetScaler (Citrix ADC) & Gateway systems. To date, no working exploits have been published. Important ! T...

Elcomsoft

Recent Elcomsoft blog posts:
iOS Forensic Toolkit Tips & Tricks
Low-level Extraction for iOS 16 with iPhone 14/14 Pro Support
Open-Sourcing Raspberry Pi Software for Firewall Functionality: Secure Sideloading of Extraction Agent
Low-level Extraction for iOS 15
Analyzing iPhone PINs
Automating Scrolling Screenshots with Raspberry Pi Pico
Automating DFU Mode with Raspberry Pi Pico
Perfect Acquisition Part 4: The Practical Part
Perfect Acquisition Part 3: Perfect HFS Acquisition

Howard Oakley at ‘The Eclectic Light Company’

Jaspreet Singh at Mail Xaminer

Message-ID Forensics: Make Analysis Easy with Message ID Analyzer. Jaspreet Singh | Modified: 20-07-2023 | Forensics | 7 Minutes Reading. Email headers play a crucial r...

Kostas

Ursnif VS Italy: Il PDF del Destino. Kostas, 9 min read. This is the second blog of this series which displays the actions that threat actors are taking upon post-exploitation efforts. Just a reminder, these short blog posts come with sanitized artifacts of the intrusion I observed. This is so people can use it for training materials or recreate the investigation steps I followed in their own lab. You can find the artifacts in the repo below. Intrusion_data: //github.com/...

Megan Roddie at SANS

Azure Log Extraction. Megan Roddie, July 16, 2023. In this blog post, we discussed the various methods for accessing and exporting Tenant and Subscription logs from Microsoft Azure. So far in our blog post series on cloud log extraction, we have looked at extracting logs from AWS, Google Cloud, and Google Workspace. In the fourth installment of this series, we’ll be looking at how we can view and extract logs from Microsoft Azure. In Azure, there are several sources of logs providing various infor...

Microsoft 365 Cloud Log Extraction. Megan Roddie, July 22, 2023. In this blog post, we discuss the various methods of accessing and exporting the Unified Audit Log (UAL). So far in our blog post series on cloud log extraction, we have looked at extracting logs from AWS, Google Cloud, Google Workspace and Azure. In the fifth and final installment of this series, we’ll be looking at how we can view and extract logs from Microsoft 365. This first post will look at Microsoft 365. One of the benefits of...

Joachim Metz at Open Source DFIR

What’s in a (file) path? By Joachim Metz, July 19, 2023. Background: For the experienced reader this might seem a very basic topic, however file paths are things we easily take for granted. I rarely come across DFIR articles that discuss (file) paths, though they are key to many file systems and data formats. There are numerous edge cases that make it challenging to ensure reproducibility [1] of paths in tooling. This article will cover several of ...

Salvation DATA

Work Tips, 2023-07-18. Contents: Overview; Analysis of Forensic Ideas; Case Study; Cautions. Overview: The Android emulator can simulate the Android operating system on the computer, and can install, use, and uninstall tool software for Android applications. It allows users to experience the whole process of operating the Android system on the computer. Because of its simple operation and low cost, it is often used by criminals to carry out i...

The Sleuth Sheet – Medium

OSINT: Crypto Drainer Investigation. By VEEXH, published in The Sleuth Sheet, 4 min read. Taking inspiration from reading BushidoToken’s latest blog post, where he emphasizes that the best way to get started with threat intel is to “practise analysing things in the wild”. So I did just that because the perfect yet persistent opportunity had presented itself. LET’S BEGIN. Since Arkham, a blockchain intelligence company, released their new intelligence initiative paired...