Analysis Notes

A place to note things from trying out malware analysis, and anything that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 37 – 2023 - FORENSIC ANALYSIS

This entry was automatically generated and posted to show the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. The 4n6 post itself can be found here.

FORENSIC ANALYSIS

Emi Polito at Amped

Emi Polito September 5, 2023 Hello again folks and welcome to the second article in our new series “Learn and solve it with Amped FIVE“. As mentioned in our previous article, this series is focused on how to solve common challenges related to video evidence using Amped FIVE. This week we are going to look at the advantages of integrating multiple frames in a video together. Also, we’re going to discuss how this technique can assist in reducing noise and enhancing detail. Contents 1 What is Frame ...

Andrew Skatoff at ‘DFIR TNT

RMM – Level.io: Forensic Artifacts and Evidence Andrew Skatoff RMM, Uncategorized September 5, 2023 Level software is the next RMM tool I wanted to research. A Crowdstrike threat intelligence report mentions this software being abused, but provides little detail. Let’s dig in to see what forensic artifacts and telemetry this tool creates to assist incident responders and forensicators. No thanks. Just take me to the IOCs/TTPs! Publisher Capabilities Testing Methods Installation Pers...

Belkasoft

Introduction In the world of digital communication, WhatsApp takes the lead as the most popular messaging app, having a user base of over two billion people. With such widespread usage, it frequently becomes a central artifact in digital investigations, revealing users' connections, locations, intentions, actions, and more. As the app continues to evolve, it is essential to stay updated on its specific features to maximize extracting valuable user data for investigations. WhatsApp is available o...

Patterson Cake at Black Hills Information Security

Patterson Cake // PART 1 PART 2 In part one of “Wrangling the M365 UAL,” we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part two, we discussed leveraging AWS EC2 for greater flexibility and accessibility for SOF-ELK deployment. Along the way, we learned how to specifically format our exported UAL data for easy, automated ingestion into SOF-ELK, but what if the data you’ve acquired or were provided is not in the proper format? Fortunately, if we have th...

Brian Maloney

It's been about a year and a half since the initial release of OneDriveExplorer. With this being a major release, I thought I'd write about some of the updates and improvements. I've been working hard in my spare time to add in data as it is discovered and to give the best user experience possible. With that said, let's look at some of the improvements and features with this release. Updated dat parser The way OneDriveExplorer initially would parse information out of the dat file was with regex....

DCSO CyTec

Microsoft Edge Forensics: Screenshot History. According to a recent article on Neowin, Microsoft Edge has a new feature that allows it to take screenshots of every web page a user visits. The feature is called “Save screenshots of site for History” and is available in Microsoft Edge 117, which is currently available for testing in the Canary and Dev channels. The feature is off by default, but if a user decides to turn it on, Edge will take s...

Forensafe

08/09/2023 Friday Android phone contacts refer to the collection of names, phone numbers, email addresses, and other relevant details of individuals or organizations that a phone user has stored in his/her mobile phone. These contacts allow the phone user to easily call, message, or email people without having to remember their contact information each time. Digital Forensics Value of Android Contacts: Contacts can provide insight into the communication patterns of the device owner. They provide ...

Manuel Guerra at GLIDER.es

Marcelle

Marcelle Lee This is the second of my TryHackMe (THM) walkthroughs. THM is a fabulous platform for learning, with a wide variety of topics and skill levels. The Snapped Phish-ing Line room I am covering in this post is free for registered users. There are no special tools required, simply launch the provided virtual machine (VM) through the link in Task 1. Note the disclaimer “The phishing kit used in this scenario was retrieved from a real-world phishing campaig...

Salvation DATA

A Complete Guide for Database Analysis 👉 5 Steps Work Tips 2023-09-08 Content Overview Steps for database analysis in a case Notes Overview In recent years, with the frequent occurrence of online gambling and online fraud cases, database forensics is becoming more and more important. Because a large amount of evidence is stored in the database, database analysis and database forensics play a vital role in helping investigators ...