Analysis Notes

A place to note things from trying malware analysis and anything that looked useful for analysis.

4n6 Week 38 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so the articles worth checking can be zapped through quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Adam at Hexacorn

Posted on 2023-09-16 by adam. Nearly two years ago I published a quick summary of my analysis of NSRL data. I believe I was the first one to publicly evaluate this data set, and I still stand by the harsh conclusions I reached back then, today. And what makes me really happy about that 2 year old analysis is a small ripple effect that my posts caused… I really loved this DFIR science follow-up post – not only did Joshua follow my steps and deliver some nice data crunching on the NSRL core dataset...

Alexander Tasse

The article opening was not captured; the author's recent Medium posts listed on the page are: Blue Team Labs — “Network Analysis — Malware Compromise” (Aug 19), EnrichIP v2.0 (Sep 7), and Blue Team Labs — “Network Analysis — Web Shell” (Aug 21).

Emi Polito at Amped

Emi Polito, September 12, 2023. Dear colleagues, welcome back to our series “Learn and solve it with Amped FIVE”, dedicated to common enhancement workflows in Amped FIVE! This week we are going to address perspective issues in images and video and how we can improve the visibility of an object of interest, such as a license plate, using the Correct Perspective filter. Contents: 1 Why Is Perspective an Issue? 2 Preparing for the Correct Perspective Filter 3 Applying the Correct Perspective Filter 4 ...

Belkasoft

Introduction When conducting a digital investigation, application artifacts like chats and browsers are usually the first in line to explore. With iOS devices, however, system files have great potential, too. Apple devices record and store various user settings and activities, and some of these records may help build a picture of events and reveal crucial evidence. In this article, we will look into a few notable iOS system artifacts, such as: CellularUsage.db Accounts3.sqlite ADDataStore.sqlite...
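The artifacts named above are plain SQLite files, and the first thing a practitioner does before writing artifact-specific queries is profile them: which tables exist, which columns they have, how many rows are present, and whether the copy was opened without touching the evidence. The script below is an added example and is not code from the Belkasoft article; the extraction-relative paths in `IOS_ARTIFACTS` are the commonly documented locations and are an assumption here, and the sample table in `build_sample_db()` is constructed for the demo and does not reflect any real schema.

```python
"""Schema-first triage of iOS SQLite artifacts: list tables, columns and
row counts before writing artifact-specific queries (added example)."""
import sqlite3
from pathlib import Path

# Artifacts named in the excerpt above. The relative paths are the locations
# commonly documented for a full file-system extraction; they are an
# assumption of this example, not something the excerpt states.
IOS_ARTIFACTS = {
    "CellularUsage.db": "private/var/wireless/Library/Databases/CellularUsage.db",
    "Accounts3.sqlite": "private/var/mobile/Library/Accounts/Accounts3.sqlite",
    "ADDataStore.sqlite": "private/var/mobile/Library/AggregateDictionary/ADDataStore.sqlite",
}


def _quote(identifier):
    """Double-quote an SQL identifier taken from sqlite_master."""
    return '"' + identifier.replace('"', '""') + '"'


def profile_connection(conn):
    """Return {table: {"columns": [...], "rows": n}} for every user table."""
    profile = {}
    tables = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY name"
    ).fetchall()
    for (name,) in tables:
        cols = [row[1] for row in conn.execute(f"PRAGMA table_info({_quote(name)})")]
        rows = conn.execute(f"SELECT COUNT(*) FROM {_quote(name)}").fetchone()[0]
        profile[name] = {"columns": cols, "rows": rows}
    return profile


def profile_artifact(path):
    """Open an artifact read-only and profile it.

    mode=ro&immutable=1 keeps SQLite from creating journal/WAL files beside
    the evidence, but immutable=1 also means a sidecar -wal file is NOT
    replayed. If the extraction contains a -wal/-shm pair, copy all three
    files together and open the copy without immutable=1 to see WAL content.
    """
    uri = f"file:{Path(path).resolve().as_posix()}?mode=ro&immutable=1"
    conn = sqlite3.connect(uri, uri=True)
    try:
        return profile_connection(conn)
    finally:
        conn.close()


def triage_extraction(root):
    """Profile each known artifact under an extraction root.

    Artifacts that are absent from the extraction are reported as None so a
    partial (e.g. logical rather than full file-system) acquisition is visible.
    """
    results = {}
    for label, rel in IOS_ARTIFACTS.items():
        path = Path(root) / rel
        results[label] = profile_artifact(path) if path.is_file() else None
    return results


def build_sample_db():
    """Constructed in-memory stand-in for an artifact; the table and column
    names are invented for this demo and do not reflect a real iOS schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE zaccount (z_pk INTEGER PRIMARY KEY, zusername TEXT, zdate REAL);
        INSERT INTO zaccount VALUES (1, 'user@example.com', 715000000.0);
        INSERT INTO zaccount VALUES (2, 'second@example.com', 715100000.0);
        """
    )
    return conn


if __name__ == "__main__":
    import json
    print(json.dumps(profile_connection(build_sample_db()), indent=2))
```

Run `triage_extraction("/path/to/extraction_root")` against a real full file-system dump; the returned profile tells you which of the three databases are present and what their tables look like, which is the point at which artifact-specific queries (and timestamp conversions) can be written with confidence.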

Oleg Afonin at Elcomsoft

September 12th, 2023 by Oleg Afonin. Category: «General». In this tutorial, we will address common issues faced by users of the iOS Forensic Toolkit when installing and using the low-level extraction agent for accessing the file system and keychain on iOS devices. This troubleshooting guide is based on the valuable feedback and data received by our technical support team. What kind of troubles are we shooting? In this guide, we won’t dive into the inner workings of the extraction agent, which lever...

Forensafe

15/09/2023 Friday As we use our smartphones to access various apps, we often provide our login credentials to those applications. Android accounts artifact contains information related to the different user accounts registered in the mobile phone throughout various applications. Digital Forensics Value of Android Accounts Android Accounts artifact stores records of all the user accounts that have been used on a device, including email accounts, social media accounts, and other online services. T...

Haircutfish

Wireshark: Packet Operations — Task 3 Statistics | Protocol Details, Task 4 Packet Filtering | Principles, & Task 5 Packet Filtering | Protocol Filters. If you haven’t done tasks 1 & 2 yet, here is the link to my write-up of them: Task 1 Introduction & Task 2 Statistics | Summary. Getting the VM Started: Starting at Task 1, you will see the green Start Machine button. Click this button to get the VM Started. Scroll to the top where the banner is. On t...

TryHackMe Wireshark: Packet Operations — Task 6 Advanced Filtering & Task 7 Conclusion. If you haven’t done tasks 3, 4, and 5 yet, here is the link to my write-up of them: Task 3 Statistics-Protocol Details, Task 4 Packet Filtering-Principles, & Task 5 Packet Filtering-Protocol Filters. Getting the VM Started: Starting at Task 1, you will see the green Start Machine button. Click this button to get the VM Started. Scroll to the top where the banner i...

Korstiaan Stam at ‘Invictus Incident Response’

Automated AWS Incident Response — The next episode. Background: We’ve written quite a few blogs on AWS incident response [1],[2] and most recently on how you can use Sigma and Athena for incident detection and response. Today, we’re proud to announce a large update of Invictus-AWS, our open-source tool for AWS IR. With this tool we aim to further automate the acquisition and analysis of...

Jaspreet Singh at Mailxaminer

Google Takeout Forensics: The Art of Investigation [Explained] Jaspreet Singh | Published: 13-09-2023 | Forensics | 6 Minutes Reading When forensic experts are tasked with Google Takeout forensics or Gmail Email Forensics analysis, they often use a Google export utility known as Google Takeout. Google offers this tool which allows you to download data from various Google services. This includes Gmail, Google Drive, Google Calendar, and more. They use this utility because it offers a simple and d...

Mattia Epifani at Zena Forensics

iOS Forensics: tool validation based on a known dataset - Preamble By Mattia Epifani - September 15, 2023 Hello world, it’s been a while since my last series of blog posts! But now I am ready to share with you the results of my recent research. I face many different challenges in my daily work as a digital forensics analyst, who deals mainly with mobile devices. All modern smartphones are encrypted (usually with file-based encryption (FBE)), so obtaining or cracking the passcode is required to g...

MikeCyberSec

Supercharged SecOps Series — Forensics Triage with Azure and KQL 🚀. Intro to the Supercharged SecOps series: Welcome to my new blog series; Supercharged SecOps. In this series I will aim to share real insights into how to scale your Security Operations Centre to the next level! This series will cover DFIR, ticketing, automation and leveraging cloud services in a SOC. Recently I’ve been working on ways to improve som...

Oxygen Forensics

with Oxygen Corporate Explorer. September 11, 2023 Users of Oxygen Corporate Explorer can now remotely extract data from mobile devices. Follow the step by step to help aid in your investigation. In order to aid companies in preventing and investigating data leaks and other corporate incidents, we have developed remote data extraction from mobile devices. Starting with Oxygen Corporate Explorer v.1.1, users can remotely extract data from corporate mobile devices with Android versions 4.1 to 13. ...

Ranjith A

Remote collection of Windows Forensic Artifacts using KAPE and Microsoft Defender for Endpoint. In this blog, I will demonstrate how you can remotely collect Windows forensic artifacts/triage image using KAPE and Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. KAPE, a digital forensic tool ...