Analysis Notes

A place to note things I tried while analyzing malware and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 35 – 2023 - FORENSIC ANALYSIS

This entry is generated and posted automatically to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Abhiram Kumar

Deep Dive Into Windows Diagnostic Data & Telemetry (EventTranscript.db) - PART 2 DFIR Windows Windows Diagnostic Data Abhiram Kumar Aug 25, 2023 A small article detailing my recent experiments with Windows Diagnostic Data Telemetry (EventTranscript.db). In my last post, we explored a way to sort of “confuse” the Windows diagnostic telemetry to record the wrong hash of a binary in the Win32k.TraceLogging.AppInteractivitySummary events. In this article, I will continue a bit on that and explore so...

Ahmed Kamal Elmagraby

README.md Windows Registry Analysis Cheat Sheet. Table of Contents: System info and accounts; Software, services and programs; Network, Share and Backups; Hardware, printers and External/USB device; Files and Folders. System info and accounts: Registry keys / Description HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Com...

David Spreadborough at Amped

David Spreadborough August 22, 2023 We have made it! After several months of posts, we have come to the series summary on CCTV Acquisition. Thank you for joining us on this journey. It’s now time to look back and remind ourselves of some of the key points, and understand how incorrect acquisition may affect the future tasks required. Contents 1 Digital Multimedia Evidence 2 CCTV – The Beginners Guide 3 CCTV – Search and Trawl 4 CCTV Recovery 5 Public Submissions of CCTV and Video Evidence 6 Navi...

Andrew Skatoff at ‘DFIR TNT’

RMM – Action1: Client Side Evidence Andrew Skatoff Forensics, Log Analysis, RMM August 23, 2023 Today we turn our attention to Action1 in this series on Remote Management and Monitoring (RMM) Tools. Action1 boasts patch management as a key capability they offer. However, threat actors are also using Action1 to establish footholds in victim organizations. Here is an example of a recently reported malicious Action1 installer where the threat actor has bundled their malware with an apparently legit ...

Cado Security

Bret at Cyber Gladius

LetsDefend has a new DFIR challenge called “Remote Code Execution.” Let’s walk through this investigation together and answer questions for this challenge! Attempt the challenge on your own first! If you get stuck, then refer to the guide. If you finished the challenge, comparing your analysis process to the one in this guide may help you improve your processes. The challenge states, “Our ERD software was triggered, alerted, and isolated a web server for suspicious use of the “nltest.exe” comman...

Joseph Moronwi at Digital Investigator

Joseph Moronwi August 23, 2023 Most of the millions of web servers that make up the Internet run Linux as their operating system. This means that many web server-related problems will require analysis of Linux-based systems. As such, it is imperative for forensic investigators to hone their Linux DFIR skills. This article aims to introduce readers to Linux system forensics by examining an attacker's Kali Linux machine. The image to be analyzed was provided by Dr. Ali Hadi which was presented a...

Felix Guyard at ForensicXlab

August 23, 2023 8-minute read Memory Forensics DFIR • Volatility • Memory Forensics Abstract Memory forensics is a huge help when performing an investigation and during incident response. Collecting memory images and analyzing them at scale is a challenge. It is crucial to have the capability of examining memory images on storage platforms other than traditional file systems. With the emergence of cloud technologies, new forms of storage known as object storage have emerged. Enab...

Forensafe

Investigating Android Call logs 25/08/2023 Friday Call logs on Android mobile phones are records that document the history of incoming, outgoing, and missed calls made from or received by a specific Android device. This information can be essential for individuals to keep track of their communications and quickly identify who they were in contact with, as call logs display the names or labels associated with phone numbers if they are stored in the device's contacts. Digital Forensics Value of ...

Francisco Dominguez at DiabloHorn

Lateral movement: A conceptual overview I’ve often been in the situation of explaining lateral movement to people who do not work in the offensive security field on a daily basis or have a different level of technical understanding. A lot of these times I’ve not really talked about the ways in which lateral movement is performed, but I’ve taken a step back and first talked about the ‘freedom of movement’ that an attacker obtains when they first enter your environment. This small nuance helps a l...

Lorena Carthy-Wilmot

TOOL: Hexordia IO+S Toolkit v1.0.0 I love me new tools! So when I saw Hexordia (//www.hexordia.com/tools) was sharing a new and free tool for monitoring iOS devices, I was over the moon! I finally had the time to sit for a second and run the quickest test ever (seriously, for like 10 seconds!). So I guess I didn’t have that much time??? Anyway. First, I couldn’t find any information on the tool’s requirements. I asked Hexordia on Twitter and was t...