Analysis Notes

A place to jot down things from trying my hand at malware analysis and anything that seems likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 34 – 2023 - FORENSIC ANALYSIS

This entry was auto-generated and posted to show the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that I can zap through them and pick which articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Abhiram Kumar

Deep Dive Into Windows Diagnostic Data & Telemetry (EventTranscript.db) - PART 1 DFIR Windows Windows Diagnostic Data Abhiram Kumar Aug 15, 2023 A small article detailing my recent experiments with Windows Diagnostic Data Telemetry (EventTranscript.db). What is this “EventTranscript.DB”? As we all know Windows collects data from our computers. As per Windows - “Diagnostic Data is used to keep Windows secure and up to date, troubleshoot problems and make product improvements.” Windows lets us cho...

David Spreadborough at Amped

David Spreadborough August 15, 2023 Welcome back to the blog series on CCTV Acquisition where, in this article, we cover viewing CCTV after acquisition. At initial thought, you may believe this to be a quick subject. However, as we dive deeper you will see that there are several considerations at different stages. Read on to learn more! Contents 1 Before Acquisition 2 After Acquisition 3 Assess 4 Evaluate 5 Process 6 Review 7 Summary Before Acquisition The first stage comes before any acquisitio...

Bhargav Rathod at DFRWS

DFRWS 2023 Challenge 14 - Aug 2023 DFRWS 2023 Challenge By Bhargav Rathod DFRWS 2023 Challenge on Industrial Control System Forensics “The Troubled Elevator: Forensic Investigation of a Bank’s Elevator Malfunctioning” Introduction: The DFRWS 2023 challenge takes a deep dive into the domain of Industrial Control Systems (ICS), specifically focusing on programmable logic controllers (PLC). These systems are increasingly critical for monitoring and controlling industrial proces...

Forensafe

18/08/2023 Friday Skype, a widely used software, enables seamless communication among individuals and businesses. With features including free video and voice calls, instant messaging, and file sharing, Skype enhances interaction. It's accessible on laptops, mobiles, tablets, and supports Microsoft Windows, macOS, Linux, iOS, Android, and Windows Phone. Digital Forensics Value of Android Skype Artifacts Android Skype emerges as a digital goldmine for forensic experts, containing a wealth of arti...

Harlan Carvey at Huntress

In the early days of information security, it was relatively easy to spot a phishing email in your inbox. A lot of the security awareness training available at the time did a great job of teaching users how to identify the red flags (spelling mistakes and Nigerian princes included). However, as time has progressed and cybercrime has grown to be more financially motivated and lucrative, threat actors have put consi...

Joshua Hickman at ‘The Binary Hick’

Binary Hick Android, Apple, Mobile 2023-08-13 2023-08-15 10 Minutes IYKYK. Summer (and DFIR conference season) is in full swing, so things have been busy! However, an opportunity presented itself recently that I could not allow to pass: revisiting a subject I previously wrote about. Things change so quickly in DFIR. App developers add new functionality and change or remove existing functionality often. Threat actors change their methods. Also often. There is a good chance that by the time a resea...

Justin De Luna at ‘The DFIR Spot’

Sysmon: When Visibility is Key When investigating an intrusion, it is often said "Visibility is king". In my experience, I couldn't agree more. Far too often are users unaware of what is being logged by default and what needs extended or more verbose logging. Take Command Lines for example. Did you know that unless enabled by default, if an end-user types with...

Marcelle Lee

This is the first of my TryHackMe (THM) walkthroughs. THM is a fabulous platform for learning, with a wide variety of topics and skill levels. The h4cked room I am covering in this post is free for registered users. To complete this room you download the packet capture (pcap) file directly on your host and analyze using the tool of your choice. I will be using Wireshark for this walkthrough. Task 1 Questions The attacker is trying to log into a specifi...

Monica Harris at Cellebrite

Megan Roddie at SANS

Megan Roddie Hope for the Best, Prepare for the Worst: How to prepare for cloud DFIR Understand the specific steps that can be taken to significantly improve your organization's cloud incident response efficiency and efficacy. August 19, 2023 While incident response is reactive in nature, there are steps DFIR teams can proactively take to ensure that if the worst happens they will be prepared to respond. In this blog post, we will provide three key recommendations that will help organizations im...

Andrew Case at Volatility Labs

As mentioned in a recent blog post, our team is once again offering in-person training, and we have substantially updated our course for this occasion. Our next offering will be in Amsterdam in October 2023. To showcase our team’s new research, we are publishing a series of blog posts to offer a sneak peek at the types of analysis incorporated into the updated Malware & Memory Forensics training course. In this blog post, we present our recent research effort to modernize Volatility’s ability to ...