Analysis Notes

A place to note things I have tried while analyzing malware and things that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 43 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically to display the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that I can skim through them and decide which articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Emi Polito at Amped

Emi Polito, October 17, 2023. Hello folks and welcome back to our “Learn and solve it with Amped FIVE” series. You may remember the very first article of our series, in which we discussed motion blur in quite some detail. Well, this week we are going to talk about optical blur and how to deblur a hazy image to read text, such as a license plate. Contents: 1 Optical Blur; 2 The Point Spread Function; 3 The Optical Deblurring Filter; 4 Conclusions. Optical Blur: Optical blur (unlike motion blur) is caused...

Belkasoft

Introduction Telegram is one of the world's most popular messaging applications with over 700 million monthly active users. It has evolved from a simple messenger into a comprehensive ecosystem offering features like groups and channels, making it akin to a social media platform. However, not all users and entities on Telegram are legitimate. Those channels and groups are extremely easy to create and delete, and there are cases when they are used to sell illicit goods and run fraudulent activiti...

Digital Daniela

10/21/2023. Hello everyone! I did a TryHackMe room where I investigated an incident involving a suspicious e-mail! Here is how I did it! Step 1: Examining the E-Mail File. I opened up the e-mail file, and noted the recipient of the e-mail which is highlighted in the screenshot below: The e-mail also had an attachment which I saved to my virtual machine in TryHackMe. Step 2: Calculating the Hash Value of the Attachment. I then went into the Properties of the attachment, and went to the "D...

Jerry Chang

Sony IR Internship Capstone - Cyber Attack Simulation & Forensics (Forensics). October 15, 2023. This article was my first Capstone Project when I was an Incident Response Intern at Sony in the summer of 2023. The first part was about documenting the methods used to simulate two types of cyber-attacks (Phishing, metasploit reverse shell), and the second part was a full stage forensics and investigation. Attack Simulation: //jrychang0621.blogspot....

Sony IR Internship Capstone - Cyber Attack Simulation & Forensics (Attack Simulation). October 15, 2023. This article was my first Capstone Project when I was an Incident Response Intern at Sony in the summer of 2023. The first part was about documenting the methods used to simulate two types of cyber-attacks (Phishing, metasploit reverse shell), and the second part was a full stage forensics and investigation. Attack Simulation: //jrychang0621.b...

Joshua Hickman at ‘The Binary Hick’

Android, Mobile, 2023-10-17, 11 Minutes. Lost. But not. I am a firm believer that digital forensic artifact discovery is, at times, equal parts persistence and luck, with the latter being a combination of preparation and opportunity. You really never know what you will discover until you actually start looking. Sometimes you start looking for evidence of A and end up finding evidence of B. This year’s Cellebrite CTF resulted in my finding data in a Google Maps artifact that I was aware ...

Justin De Luna at ‘The DFIR Spot’

Often during my discussions with other analysts or people interested in the field, I'm asked about Web Servers and how to investigate incidents regarding them. Yes... I know, I know, I have general conversations about web server compromises. What can I say, I enjoy DFIR! However, during these discussions, it becomes clear that there is a mystery that seems to shroud web servers. How can these become compromised? When they're compromised, what artifacts/logs exist? The good news is, if you're some...

Korstiaan Stam at ‘Invictus Incident Response’

Everything you need to know about the Microsoft Graph Activity Logs. Invictus Incident Response, 6 min read. Background: Why are we so excited about the Microsoft Graph Activity log that is now in public preview? For cloud incident responders it has been a problem that calls made using the Graph API were only partially audited which causes blind spots for detect...

Magnet Forensics

Application artifacts are an important data source in mobile device investigations. Identifying what applications are installed on the device and have been in use can be another investigative goal. This can help during the initial stages of an investigation when you may try to triage available data sources and determine which are of primary interest. Determining that a specific application is installed, like Snapchat, may help to corroborate other information case investigators have. You may hav...

Media artifacts on a device – both captured with the device’s on-board cameras and transmitted to the device through various methods – can be another area of interest during an investigation. Media items are often a source of geolocation data, particularly those captured using device cameras. Media items have become a crucial piece of evidence collection in mobile device investigations. They can provide visual proof of a crime or an alibi. Photos, videos, voice recordings, and GIFs can help digi...

Mobile device artifacts have grown in importance as cell phones have become an integral part of everyday life (so much so that you can see many videos on social media where users are so engrossed in their devices that they walk into a fountain, bushes, or even traffic!) As entertaining as these videos can be, mobile devices are often connected to many crimes. In speaking with numerous law enforcement agencies, examiners have mentioned that mobile devices are present in most cases. Digital forens...

Mari Degrazia at ZeroFox

Monty Security

Analyzing a Multi-Stage LNK Dropper. montysecurity, 5 min read. Introduction: LNK files are Windows shortcut files that are common during initial access. The Malware Hunter Team recently tweeted about a sample. I dove in to unravel it and it turned out to be a fairly interesting one involving VBScript and PowerShell; if you spot a mistake in the analysis, just DM me :) Initial Payload: //twitter.com/malwrhunterteam/status/17142300869567328421dc3418db90285df1aed8b120ad83874a7d...

Nick Pockl-Deen

Salvation DATA

Vikas Singh