解析メモ (Analysis Notes)

A place for notes from my own attempts at malware analysis and anything that looked useful for analysis work. This site uses Google Analytics.

4n6 Week 48 – 2023 - FORENSIC ANALYSIS

This entry shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics). It was generated and posted automatically so that I can zap through the list and pick out the articles worth checking. The 4n6 digest itself can be found here.

FORENSIC ANALYSIS

Me with contributions from Andrew Skatoff and Zach Stanford and hopefully others.

The RULER Project. Table of contents: What is the RULER project? What is the RULER project not? Roadmap. How to contribute. Current contributors. Repository: Anti-Virus: AVG, Avast, Avira, Bitdefender, Combofix, ESET, Emsisoft, Fsecure, HitmanPro, Kaspersky, Malwarebytes, Mcafee, Microsoft Defender, N-able AVDefender, RogueKiller Anti-Malware, SUPERAntiSpyware, SecureAge, Sophos, Symantec endpoint protection, TotalAV Antivirus, Tren...

Adam at Hexacorn

Belkasoft

Introduction Deleted data is a crucial aspect of digital evidence. While suspects' chats and files provide valuable insights, finding out what they attempted to hide can be pivotal in solving a case. In mobile forensics, where physical acquisition is a rare possibility, hunting for deleted data can be a tricky task for both forensic tools and investigators. The diversity of mobile applications adds to the complexity—even the same application can manage data storage differently in different opera...

Cado Security

Emi Polito at Amped

Emi Polito November 21, 2023 Hello, jolly good people! Nice to see you popping back for another article of our “Learn and solve it with Amped FIVE” series. This week we are going to focus on people, in particular, we’ll have a look at the workflow required to enhance and optimize facial detail. This is similar to that which we use for license plates but with some fundamental differences we all ought to know about! Contents 1 The Issue with Face Recognition 2 Recommended Video Workflow for Facial...

Felix Guyard at ForensicXlab

November 18, 2023. Memory Forensics, DFIR, Volatility. Abstract: The Master File Table (MFT) is the core metadata structure of the New Technology File System (NTFS). This table can be seen as a database that contains all the information needed to describe every file. The MFT itself is stored on the disk, usually in a reserved area at the beginning of the partition. When accessing a file on an NTFS volume, the operating system looks up the file's MF...
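The MFT record layout that the ForensicXlab abstract refers to, as an added illustration that is not part of that article or of this digest: a minimal Python parser for one 1024-byte FILE record. It undoes the update-sequence fixups first (NTFS stamps the last two bytes of every 512-byte sector with the update sequence number and keeps the originals in the record header), because reading attributes without that step yields two corrupt bytes per sector, and then decodes the resident $STANDARD_INFORMATION timestamps and the $FILE_NAME attribute. The sample record is constructed inline; its record number, file name, timestamps and USN are made up and are not taken from any real volume.

```python
import struct
from datetime import datetime, timedelta, timezone

SECTOR = 512                      # fixups are applied at the end of every 512-byte sector
RECORD_SIZE = 1024                # default MFT record size
ATTR_STANDARD_INFORMATION = 0x10
ATTR_FILE_NAME = 0x30
ATTR_END = 0xFFFFFFFF             # terminator of the attribute list
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_dt(ft):
    """FILETIME is a count of 100 ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def dt_to_filetime(dt):
    return ((dt - FILETIME_EPOCH) // timedelta(microseconds=1)) * 10


def apply_fixups(record):
    """Undo the update-sequence fixups. NTFS overwrites the last two bytes of every
    sector with the update sequence number (USN) and keeps the originals in the
    update sequence array (USA); a mismatch means a torn write or corruption."""
    buf = bytearray(record)
    usa_off, usa_count = struct.unpack_from("<HH", buf, 4)
    usn = bytes(buf[usa_off:usa_off + 2])
    for i in range(1, usa_count):
        pos = i * SECTOR - 2
        if buf[pos:pos + 2] != usn:
            raise ValueError(f"fixup mismatch at end of sector {i}: torn or corrupt record")
        buf[pos:pos + 2] = buf[usa_off + 2 * i:usa_off + 2 * i + 2]
    return buf


def parse_mft_record(record):
    """Parse the FILE record header and its resident $STANDARD_INFORMATION and
    $FILE_NAME attributes. Non-resident attributes are listed by type only."""
    if record[:4] != b"FILE":
        raise ValueError("not a FILE record")
    buf = apply_fixups(record)
    # header fields from offset 0x08: $LogFile LSN, sequence number, hard-link count,
    # first attribute offset, flags, used size, allocated size, base record ref, next attr id
    _lsn, seq, links, attr_off, flags, used, _alloc, _base, _next_id = struct.unpack_from("<QHHHHIIQH", buf, 8)
    rec_num = struct.unpack_from("<I", buf, 0x2C)[0]   # NTFS 3.1+ stores the record number here
    info = {"record_number": rec_num, "sequence": seq, "hard_links": links,
            "in_use": bool(flags & 0x01), "is_directory": bool(flags & 0x02), "attributes": []}
    off = attr_off
    while off + 8 <= used:
        atype, alen = struct.unpack_from("<II", buf, off)
        if atype == ATTR_END:
            break
        if alen < 0x18 or off + alen > used:
            raise ValueError(f"bad attribute length {alen} at offset {off}")
        attr = {"type": atype, "non_resident": bool(buf[off + 8])}
        if not attr["non_resident"]:
            vlen, voff = struct.unpack_from("<IH", buf, off + 0x10)
            value = bytes(buf[off + voff:off + voff + vlen])
            if atype == ATTR_STANDARD_INFORMATION:
                # four FILETIMEs: created, modified, MFT changed, accessed
                attr.update(zip(("created", "modified", "mft_changed", "accessed"),
                                map(filetime_to_dt, struct.unpack_from("<4Q", value, 0))))
            elif atype == ATTR_FILE_NAME:
                parent_ref = struct.unpack_from("<Q", value, 0)[0]
                name_len, namespace = value[0x40], value[0x41]
                attr["parent_record"] = parent_ref & 0xFFFFFFFFFFFF   # low 48 bits = record number
                attr["namespace"] = namespace
                attr["name"] = value[0x42:0x42 + 2 * name_len].decode("utf-16-le")
        info["attributes"].append(attr)
        off += alen
    return info


def build_sample_record():
    """Constructed test record (not from a real volume): in-use file record 42,
    'evidence.txt' in the root directory (record 5), with the sector-end words
    overwritten by the USN exactly as NTFS stores them on disk."""
    def resident_attr(atype, value, attr_id):
        # 0x18-byte resident header: type, length, non-resident=0, name len, name off,
        # flags, attr id, value length, value offset, indexed flag, padding
        body = struct.pack("<IIBBHHHIHBB", atype, 0, 0, 0, 0x18, 0, attr_id, len(value), 0x18, 0, 0) + value
        body += b"\0" * (-len(body) % 8)                 # attributes are 8-byte aligned
        return body[:4] + struct.pack("<I", len(body)) + body[8:]

    t = dt_to_filetime(datetime(2023, 11, 18, tzinfo=timezone.utc))
    std_info = struct.pack("<4Q", t, t, t, t) + struct.pack("<IIII", 0x20, 0, 0, 0)
    name = "evidence.txt".encode("utf-16-le")
    file_name = (struct.pack("<Q4QQQII", 5 | (5 << 48), t, t, t, t, 4096, 2048, 0x20, 0)
                 + bytes([len(name) // 2, 1]) + name)   # name length, Win32 namespace, name
    attrs = (resident_attr(ATTR_STANDARD_INFORMATION, std_info, 0)
             + resident_attr(ATTR_FILE_NAME, file_name, 1)
             + struct.pack("<II", ATTR_END, 0))
    attr_off = 0x38                                      # 0x30 header + 6-byte USA, 8-aligned
    used = attr_off + len(attrs)
    header = struct.pack("<4sHHQHHHHIIQHHI", b"FILE", 0x30, 3, 0, 1, 1, attr_off, 0x01,
                         used, RECORD_SIZE, 0, 2, 0, 42)
    rec = bytearray(RECORD_SIZE)
    rec[:len(header)] = header
    rec[attr_off:used] = attrs
    usn, usa = b"\x07\x00", b"\x07\x00"
    for i in (1, 2):                                     # save sector-end words, then stamp the USN
        pos = i * SECTOR - 2
        usa += bytes(rec[pos:pos + 2])
        rec[pos:pos + 2] = usn
    rec[0x30:0x36] = usa
    return bytes(rec)


if __name__ == "__main__":
    from pprint import pprint
    pprint(parse_mft_record(build_sample_record()))
```

Running the block prints the parsed header and attributes of the constructed record. The fixup check is what a carver or memory-forensics plugin relies on to reject torn records: flip any sector-end byte and the parser refuses the record instead of silently decoding garbage.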

Forensafe

24/11/2023 Friday Gmail is the default email service for many Android devices due to its integration with the Android operating system, both of which are developed by Google. As a result, numerous Android smartphones and tablets come pre-installed with the Gmail application. The Gmail app enables users to effortlessly access their Gmail accounts and manage emails. This application offers a range of features, including an easy-to-use interface, real-time synchronization across multiple devices an...

Inginformatico

Linux forensic artifacts. Here I present some of the forensic artifacts we can review when carrying out a forensic investigation on a Linux machine. 1. System logs: /var/log/: check the log files in this directory, including syslog, auth.log and others. These logs can provide information about system events, user logins and other activities. 2. Information ...

Josh Lemon

Nov 19. This blog post will examine the NTFS file system being used on macOS with the Mounty driver, and the conditions that cause timestamps to change based on different file operations while using a macOS device. This post is the second in a series I'll post over the next few weeks; the exact number will depend on how much time I get and how many different file systems and operating systems I can think of — and get access to. If you missed the previous pos...

Invictus Incident Response

A Defenders Guide to GraphRunner — Part II. Introduction: You can find Part I of this series here. In the second and final part we will look at the remaining modules and share some advice on how to prevent Graph API abuse. Since the release of the first blog, the creators of GraphRunner did a talk on the inner workin...

Mattia Epifani at Zena Forensics

iOS 15 Image Forensics Analysis and Tools Comparison - Browsers, Mail Clients, and Productivity apps. By Mattia Epifani - November 23, 2023. The fifth episode is dedicated to three categories of third-party apps: browsers, mail clients, and productivity apps. There are 6 browsers, 3 mail clients, and 3 productivity applications available in Josh Hickman's acquisition. The 6 browsers are listed below, in alphabetical order: Brave, DuckDuckGo, Firefox, Firefox Focus, Google Chrome, Microsoft Edge. The 3 mail clie...

Ramo J at Open Source DFIR

By Ramo J, November 19, 2023. What is GRR? GRR Rapid Response (or GRR) is an incident response framework focused on remote live forensics. It is a tool that communicates with its deployed endpoint agents to collect and deliver forensics artifacts to an incident responder for analysis, from one machine or thousands. This article assumes you're already familiar with using GRR in a production environment. GRR is GRReat! But... GRR is a beneficial tool...

Yarden Shafir at Trail of Bits

November 22, 2023. By Yarden Shafir. Why has Event Tracing for Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in Windows 10 and 11? The answer lies in the value of the intelligence it provides to security tools through secure ETW channels, which are now also a target for offensive researchers looking to bypass detections. In this deep dive, we're not just discussing ETW's functionalities; we're exploring how ETW works internally so you can ...