Analysis Notes

A place to jot down notes on malware I have tried analyzing and anything that seems likely to be useful for analysis.

4n6 Week 50 – 2023 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through them and pick which articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Abrar Hussain

Small Things Matter in DFIR #1: Persistence without Privileges! Abrar Hussain, Threat Hunter | GCFA - DFIR. Published Dec 5, 2023. Windows 11: The easy persistence location for a Red Teamer to implant malware with user-level privileges and for a Threat Hunter to identify low-hanging fruit. Successfully phished users' hosts maintain persistence fingerprints in specified paths to survive reboots. Why not Registry? No Admin Rights, No Modification. Most of the tim...

Belkasoft

Introduction For digital forensics and incident response (DFIR) specialists, the scene of a cyber incident or crime often presents a challenge: a multitude of potential evidence sources and limited time to conduct on-site examination. In such situations, a comprehensive forensic analysis proves too lengthy and demanding to execute, while taking every piece of hardware back to the lab is not just impractical—it is often impossible. One of the ways to address this challenge is triage. It entails e...

CCL Solutions

In the first of our new 'Digital Forensics Essentials' series, Principal Analyst, Alex Caithness, kicks things off with a dive into the epoch timestamp. Establishing when an event occurred is a fundamental part of almost every digital investigation, so understanding how systems store timestamps is essential. In this vlog, Principal Analyst Alex Caithness explains how one of the most common methods of encoding timestamps, the epoch timestamp, works. The video covers the basic mechanism used to enc...

Cellebrite

Fabio Poloni at Compass Security

December 6, 2023 / Fabio Poloni. In the era of the internet, scams vary in forms, targeting those who aren’t cautious. Lately, a fresh scam focused on Switzerland has gained attention on social media and in the news. This scam revolves around job offers from a seemingly genuine headhunting company. I chose to engage with the scammers to uncover the secrets of this scheme. Here’s what happened. Headhunting for the Chief of Victims. My curiosity drove me to explore the deceptive realm o...

Digital Daniela

12/6/2023. Hello Everyone! I decided to learn about SIEMs recently, in particular Splunk on TryHackMe. Here is what I learned to do! 1. Find Amount of Events In Log File. After importing the data the TryHackMe room provides, the answer is given to you: if you look at the bottom of the search filter box, you see a number of events. It is 2,862 events. 2. Find Number of Events Associated with Maleena. I clicked on the "UserName" section as shown on the left, then I was able to see the events ...

Emi Polito at Amped

Emi Polito December 5, 2023 We are now in December and getting close to Christmas and New Year festivities! We are also getting close to the end of our “Learn and solve it with Amped FIVE” series. But we still have a handful of articles in store for you, which we hope you will find the time to read, leading up to the holiday period. This week we are going to discuss how to separate a fingerprint from the background. Contents 1 Identifying Suspects via Their Fingerprints 2 Increasing Fingerprint ...

Shanna at Fancy Forensics

Forensafe

Solving Cellebrite's September 2023 CTF (Sharon's Android device) Using ArtiFast. 08/12/2023, Friday. Cellebrite held their yearly CTF last month and this year the challenge featured 4 devices, belonging to 4 different suspects. In this blog, we will use ArtiFast to answer the questions associated with one of the suspects' devices (Sharon O'Neils Samsung Galaxy S21). The Scenario: Terror attacks were planned for Southport, NC in June of 2023. Russell, the primary suspect, lives locally in that area ...

Forensic Science International: Digital Investigation

Naufal Arkaan at MII Cyber Security

CAPA for Triage Malware Analysis. Naufal Arkaan, published in MII Cyber Security Consulting Services, 2 min read, 6 days ago. What is Capa? According to Mandiant, Capa is an open-source tool for analyzing malicious programs. Capa provides a framework for the community to encode, recognize, and share behaviors that we’ve seen in malware. Capa detects capabilities in executable files. It can run against a PE, ELF, .NET module, or shellcode file and it tells what it thinks the program can...

Mohammed AlAqeel (AlJawarneh)

Mohammed AlAqeel (AlJawarneh), Subject Matter Expert in Digital Forensic Incident Response (DFIR) | Cyber Threat Intelligence (CTI) | Cyber Defense Consultant | Detection & Threat Response (DTR) - GCFA | GCFE | GCTI | eCMAP | OSINT/SOCMINT | IT and OT. Published Dec 7, 2023. Who’s looking for the file history backup during the investigation? Since this feature is turned off by default. But if it is turned on there are multiple interesting values to In...

The DFIR Report

Vikas Singh