Analysis Notes

A place for notes on malware I have analyzed and on things I found useful for analysis.

4n6 Week 42 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through and pick the articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Amped

Emi Polito October 10, 2023 Hello everyone and welcome to a new article in our “Learn and solve it with Amped FIVE” series. We hope you are enjoying this series, dedicated to solving common challenges related to video evidence using Amped FIVE. This week we are going to discuss the issue of uneven illumination in a scene, which may prevent us from discerning detail. One common example of such an issue is backlighting, which occurs when we have an object or subject of interest located between a lig...

Marco Fontani October 11, 2023 The rapid advancement of artificial intelligence (AI) is nowadays transforming various aspects of human life. Recent breakthroughs in large language models have empowered them to produce essays indistinguishable from human writing. Similarly, AI has gained the ability to create images from simple textual prompts, generating seemingly authentic yet entirely fabricated images. This remarkable capability of AI to synthesize realistic images raises significant concerns...

Digital Daniela

10/13/2023 Hello everyone! I did a task in TryHackMe that teaches you how to investigate traffic in NetworkMiner. NetworkMiner is a program that allows the analysis of PCAP files. It can extract files, IP addresses, packets, credentials, and so much more! Here is what I learned! 1. Finding the Amount of Frames Sent: On the right side, you will see the "Metadata" section. There, you will find the number of frames; here it is 460. 2. Finding How Many Other Hosts Share a MAC Address with 145.2...

Justin De Luna at ‘The DFIR Spot’

Artifacts of Execution: Prefetch - Part One. Welcome to Part One of the "Artifacts of Execution" blog series! As the title states, this will be dedicated to the "Prefetch" file and how it can be used from a forensics perspective. The Rundown: Used to preload a snippet of code in commonly used applications to ensure they open faster; Prefetch files will not identify the user that executed the application; Limited to 1024 files on Windows 8+ systems; Located within C:\Windows\Prefetch; Compressed files Wi...

Kevin Pagano at Stark 4N6

Cellebrite CTF 2023 - Abe Posted by Kevin Pagano October 09, 2023 After a year hiatus Cellebrite was back in full force with another lengthy CTF challenge. This year featured 4 different phones, 2 iPhones and 2 Android devices. Challenge details can be found on Cellebrite's blog. We are going to start with Abe since in my opinion it was the easiest of the bunch and one of the only ones where our team completed 100% (shout out to Heather and Alexis...

Cellebrite CTF 2023 - Felix Posted by Kevin Pagano October 11, 2023 Previous: Abe. Round 2 goes to Felix (not the cat as seen above 😂) as part of the Cellebrite CTF 2023. We get another iPhone image to analyze. Evidence Download: Felix | Official Cellebrite Writeup. Felix 01 - Voicemail 📼 (10 points) Felix received a voicemail from +1-416-435-5684. How many seconds in length was the voicemail message? The voicemail database lives at the path: filesyst...

Magnet Forensics

Geolocation artifacts are forensically valuable data created by GPS or other location-based technologies on a device that determine an individual’s geographic location. This data can be useful in various investigations related to crimes or other incidents. In today’s digital age, the use of mobile devices has become pervasive across different domains. With the increase in usage, the role of geolocation in mobile device investigations has become more crucial than ever. Geolocation Artifacts in In...

Mobile smartphones have become ingrained in our daily lives, so when someone commits a crime, mobile data is almost always a critical source of evidence. Magnet GRAYKEY provides the ability to quickly extract encrypted or inaccessible data from mobile devices on locked iOS and leading Android devices. However, most criminal investigations typically include multiple mobile devices, and it takes time to access and extract the data from each device to determine what truly happened. To help forensic...

Communication artifacts are digital breadcrumbs suspects leave behind in the form of emails, social media, native chat applications like the Messages app on iOS, or a third-party application like Signal. These communication artifacts help investigators uncover important connections and unlock the truth. They can reveal what was said, when it was said, and who said it to whom. Communication Artifacts in Investigations Chat message content and the involved parties to those messages can be an extre...

Web browser activity artifacts are digital clues suspects create when they use web browsers on mobile devices. Browser history, cookies, cache, and file downloads are all web activity artifacts that investigators may find useful during a mobile device investigation. Knowing which browsers are installed, along with their specific artifacts, can be great information to have in any investigation. While we’ve come to expect things like Safari-related artifacts on an iOS device, Apple has (in more re...

Oxygen Forensics


Bill Marczak, John Scott-Railton, and Ron Deibert at The Citizen Lab

Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations’ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society. The Citizen Lab independently received and collected a set of since-deleted posts by this threat actor, which we call REPLYSPY. Our findings align with the Secur...

The Security Noob

Posted on 09/10/2023 Following on from the previous [DFIR TOOLS] posts: [DFIR TOOLS] Timeline Explorer, what is it & how to use!; [DFIR TOOLS] AmcacheParser, what is it & how to use; [DFIR TOOLS] AppCompatCacheParser, what is it & how to use!; [DFIR TOOLS] bstrings, what is it & how to use!; [DFIR TOOLS] EvtxECmd, what is it & how to use!; [DFIR TOOLS] Hasher, what is it & how to use! First, let's see what Jump Lists are. Jump Lists are a feature in Microsoft Windows that provide quick access ...