Analysis Notes

A place to jot down notes from analysing malware and anything that seems useful for analysis. This site uses Google Analytics.

4n6 Week 40 – 2023 - FORENSIC ANALYSIS

This entry was automatically generated and posted to show the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Emi Polito at Amped

Emi Polito September 26, 2023 Good day, jolly people! We are back this week with our series “Learn and solve it with Amped FIVE” to talk about filter tips for the most common workflow scenarios in Amped FIVE! This time around we will talk about video deinterlacing. It’s another problem that we inherit from the conversion of analogue video into digital. Let’s go back in time and learn some more about it! Contents 1 From Cinema to Television 2 How to Deal with Interlaced Video 3 Applying the Deint...

Belkasoft

Introduction The Windows registry is a structured database housing configuration settings for Microsoft Windows operating system (OS) components and numerous applications. For digital forensic examiners investigating Windows machine data, it is one of the primary places to look for traces of malicious or illicit activity on the system. The registry keeps track of OS and application settings and user-specific data. While users typically do not interact with it directly, their activities are often...

Chris Brown at Corelight

Using Corelight to Identify Ransomware Blast Radius September 29, 2023 by Chris Brown Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare organizations, at the extreme, can impact an organization’s ability to engage in anything from routine office visits to life-or-death diagnoses, treatments, and patient ...

Forensafe

29/09/2023 Friday Facebook Messenger is a cross-platform instant messaging application from Meta. Facebook Messenger is the main instant messaging application for Facebook and Instagram. The application provides users with the ability to exchange messages, media, and files, and supports voice and video. These features are available in private chats as well as group chats. Digital Forensics Value of Android Facebook Messenger Android Facebook Messenger is a treasure trove for forensic analysts, brimming...

HackTheBox

Kathryn Hedley at Khyrenz

Let me start by saying that, yes: many tools already exist to parse information out of the Windows Registry. However, while I was conducting my own tool validation processes (see //github.com/khyrenz/tool_validation), I realised that very few tools parse this information out and automatically populate the kind of table that I would be adding into my forensic report. So... I did a bit of R&D, and I present to you a Python script that does just that; creatively named parseusbs! You can download the ...

Mattia Epifani at Zena Forensics

iOS 15 Image Forensics Analysis and Tools Comparison - Processing details and general device information By Mattia Epifani - September 29, 2023 As explained in the first blog post, I would like to start discussing the acquisition and processing details. The acquisition was done by Josh Hickman using the Cellebrite Premium tool and the result is a Full File System capture in the traditional file format created by UFED. If you open the ZIP file EXTRACTION_FFS.zip you will see that UFED organizes th...

Oxygen Forensics

September 26, 2023 Learn how to execute APK Downgrade in Oxygen Forensic® Detective. The Android ADB backup is one of the methods that is used to acquire evidence from unlocked Android devices. However, with this approach, investigators cannot extract applications of the latest version because their data is not included in the backup by the app provider. As a result, a parsed Android backup will contain very few app artifacts. Fortunately, there is a solution that is widely used in digital for...

Synacktiv

Written by Julien Legras, Mehdi Elyassa - 22/09/2023 - in Tools, Pentest This article tells our journey inside the ESE database and the NTDS features that led us to produce the ntdissector tool, suitable for offensive and defensive actions. Introduction At the end of 2022, we had to perform a password audit for a customer. As usual, we extracted the hashes from the NTDS.dit file and cracked as many as we could. In addition, our customer wanted us to provide statistics b...

Written by Nathanael Ndong - 27/09/2023 - in CSIRT Legitimate data transfer tools are more and more used by threat actors. During our incident response engagements, we often see the use of several administration tools, including tools for transferring data to SFTP servers or directly to the cloud. These are widely used by attackers as means of exfiltration. The issue of exfiltrated data is one of the most important and hardest topics in the case of ransomware incidents. As ...

The DFIR Report

Salim Salimov

ANALYSING PCAP FILES WITH WIRESHARK PART 1 Salim Salimov Hello everybody, In one of my previous posts I have given a little bit of information about Wireshark and how to install and use it in Linux OS, you can check it out here: //medium.com/@salim.y.salimov/wireshark-in-ubuntu-or-linux-mint-74d62032d4a5 Today I am going to demonstrate how to find out what’s hidden in a sample .pcap file, using Wireshark and its functions as a tool for analyzing suspicious network...