Analysis Memo

A place to jot down notes on malware analysis I have tried and on things that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 36 – 2023 - MISCELLANEOUS

This entry shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics); it was generated and posted automatically so that articles worth reading can be skimmed and picked out. 4n6 can be found here.

MISCELLANEOUS

ADF Solutions

Posted by ADF Solutions on September 1, 2023. As smartphones continue to play an ever-increasing role in our lives, law enforcement and digital forensics professionals are faced with the challenge of efficiently extracting and processing information from these devices. This is where Mobile Device Investigator (MDI) comes into play with Preview Mode, a cutting-edge feature available for iOS and Android devices. MDI preview mode grants investigators inst...

Autopsy

Jonathan Tanner at Barracuda

Aug. 30, 2023 | Jonathan Tanner. Greek mythology tells of a decade-long war between Achaea and Troy. After holding out under siege for so many years, Troy ultimately falls to a ruse: a wooden horse meant to be taken as a victory trophy, loaded with Greek troops who open the gates to their army, which storms the city. Thus the legend of the Trojan horse was born, but today this term is more commonly used to describe not a wooden horse, but rather a piece of m...

Brett Shavers

Monica Harris at Cellebrite

Doug Burks at Security Onion

Security Onion Solutions has been teaching Security Onion classes since 2014. Since that time, we've taught students around the globe to help them peel back the layers of their enterprise and make their adversaries cry. Our next class is in October. Why should you sign up? Here are the top 5 reasons! 1. Amazing instructors: Our instructors are not like other instructors that just read from a slide deck. Security Onion Solutions instructors have years of experience in threat hunting, enterprise secur...

Forensic Focus

Christa Miller at Forensic Horizons

Christa Miller, published in Forensic Horizons, 11 min read, 1 day ago. Beyond the horizon where tech and the law meet lie dragons: the unknown of what it all means to society. Follow us as we navigate! This was a surprisingly busy month for media covering tech and justice issues, or perhaps it was only a surprise to me because I was trying to take a break! (I'm planning to continue (if not wrap) our series on uncertainty in digital forensics in Sept...

Kaido Järvemets at Kaido Järvemets

Streamlining Identity Investigations: Real-Time Responses with Defender for Identity and Beyond. Kaido Järvemets, August 29, 2023. Introduction: In our previous articles, we embarked on a journey through the foundational aspects of Active Directory (AD) and Microsoft Defender for Identity (MDI). We explored their core functionalities, shedding light on their pivotal roles in modern cybersecurity. As we progress in this series, it's time to elevate our discussion. Today, we'll delve deeper into the ad...

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, September 01, 2023. Happy Friday forensicators! Shortlink: startme.stark4n6.com. If people have suggestions for additions please feel free to shoot me a message on the app formerly known as Twitter (@KevinPagano3) or Mastodon. Blog Feed: The DIFR Spot, J & L Forensics, Kali Linux. Podcasts: Digital Forensics Now. SANS Posters & Other Cheat Sheets: FOR518 - macOS and iOS Forensic Analysis. Test Device & Analysis Setup: Build Your Lab - ...

Kim Zetter at Kim Zetter at ‘Zero Day’

Interview with the ETSI Standards Organization That Created TETRA "Backdoor" (www.zetter-zeroday.com). Brian Murgatroyd spoke with me about why his standards group weakened an encryption algorithm used to secure critical radio communications of police, military, critical infrastructure and others. Kim Zetter, Jul 25, 2023 ...

Korstiaan Stam at ‘Invictus Incident Response’

5 Tips to prevent or limit the impact of an incident in Azure. Invictus Incident Response, 6 min read, 5 days ago. Hopefully by now you know, our business is cloud incident response. What if we told you there are ways to prevent or limit the impact of an incident in the Microsoft Azure cloud? Maybe you won't even need us in the future. In this blog we'll show you five low-cost and easy-to-implement measures with high impact to prevent ...

Plainbit

Kim Jin-kook (김진국), August 29, 2023, 15 min read. Magnet has published a report on the state of enterprise DFIR under the title "2023 State of Enterprise DFIR". The report is based on the results of a survey of enterprise DFIR professionals (more than 500) in North America, Europe, the Middle East and Africa. It is a pity that Asia is missing from the survey population, but the DFIR trends the report describes are likely to be similar in Asia as well. The report presents three main insights, so let's look at them one by one. #1. KEY INSIGHTS - Digital forensics is becoming more important in incident response. Digital forensics has long been applied in enterprise environments to resolving HR issues (personnel disputes, harassment, complaints, etc.), assessing policy violations (misuse of corporate assets), meeting legal obligations (compliance, eDiscovery) and fraud investigations (fraud, data leaks, IP theft, etc.). Most of these investigations took the form of dead-box forensics on an insider's endpoint...

Salvation DATA

Technical Tips, 2023-08-30. Contents: Preview; Analysis to Recover Data from Formatted Partition; Steps to recover formatted data with partition recovery software; Notes. Preview: What should I do if the partition is "formatted" in business work? Especially in actual cases, it is often encountered that the data involved in the partition is damaged. How to recover files ...

SANS

Sean O'Connor, FOR589: Cybercrime Intelligence - NEW SANS DFIR Course coming in 2024. Learn to traverse the cyber underground, social engineer cybercriminals and investigate illicit cryptocurrency activity. August 31, 2023. Learn the skills needed to collect, analyze and take action on cybercrime intelligence. Level up! The cybercrime threat landscape continues to rapidly evolve due to technological advancements, increased investments in offensive cyber operatio...

Mike Hoffman, Defending Against Ransomware in Industrial Control Systems: Leveraging ICS612 and the SANS Five Critical Cybersecurity Controls. August 30, 2023. Ransomware attacks against organizations are now one of the primary methods criminal and adversarial groups leverage to bring organizations, cities, and governments to their knees. The method and reasons behind the attacks vary. Still, the impact is often the same: potentially sensitive data is exfiltrated for financial or intellectual gain, ...

Douglas McKee, SEC568: Approaching the Software Supply Chain like Jack Byrnes. Keep your circle of trust secure with product security testing. August 31, 2023. My father spent many years serving in the United States Marine Corps and intelligence agencies. Although he was a loving father, his past made it difficult for him to trust or take information at face value. While this was apparent in everyday life, it was most evident when my sister started dating. When my sister brought home a new boyfriend...

Chad Tilbury, Next Generation FOR508. The latest FOR508 update represents a major upgrade to the courseware with a complete replacement of every hands-on exercise in the course. September 3, 2023. We are excited to announce a significant update to the SANS FOR508 Advanced Incident Response, Threat Hunting and Digital Forensics class. It represents a major upgrade to the courseware with a complete replacement of every hands-on exercise in the course. While we co...

John Patzakis at X1

By John Patzakis August 30, 2023 The Best Evidence Rule, as codified in Federal Rule of Evidence 1002, provides that an original writing, recording, or photograph is required to prove the contents of the document. This rule was formulated in a paper document dominated era, and aimed to prevent fraud and inaccuracies that could arise from secondary or duplicate evidence. However, the prevalence of electronically stored information (“ESI”) prompted exceptions to this rule when it comes to computer...

Zain ul Abidin

How to install SPLUNK Enterprise and ingest logs using SPLUNK Universal forwarder. Zain ul Abidin, 5 min read, 5 days ago. In this blog post, we will explore in detail the process of deploying Splunk Enterprise and configuring it to ingest logs using the Splunk Universal Forwarder. Here's the overview of the blog: SPLUNK: Introduction; How to install Splunk Enterprise; Splunk Universal Forwarder. SPLUNK: Introduction. SPLUNK is one of the leading SIEM in the information security industry desi...