Analysis Notes

A place to jot down notes from analysing malware and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 03 – 2024 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics) so that the articles worth checking can be skimmed quickly. 4n6 itself can be viewed here.

FORENSIC ANALYSIS

Alexis Brignoni at ‘Initialization Vectors’

Have you heard about binary JSON in SQLite? I hadn't. Today I was made aware of it by digital forensics examiner and software developer extraordinaire Alex Caithness. The latest SQLite version (Version 3.45.0) has the ability to encode and decode JSON data from plain text to binary format and back. Details of this functionality can be found here: //sqlite.org/draft/jsonb.html Why would this data need to be in binary format? Per the jsonb specification there will be a reduction in data size as wel...

Belkasoft

Introduction: Android devices come in various brands and models, featuring different chipsets and operating system flavors. This diversity poses challenges when you acquire them as a source of evidence in digital forensics and cyber incident response (DFIR) investigations. Despite the open-source architecture of Android, which provides advanced ways to interact with devices, ongoing enhancements in OS and application security create additional complexities. Most modern mobile devices are equipped...

Nate Bill at Cado Security

CCL Solutions


Foxton Forensics

19 January 2024. We recently added support to Browser History Examiner (BHE) for parsing Local Storage and IndexedDB data from Chromium web browsers such as Google Chrome and Microsoft Edge. This allows us to access additional data that has been stored on the user’s device by websites and web applications they have visited. This also allows us to analyse the data of some desktop apps that use the Chromium browser engine in the background, for example the Microsoft Teams desktop app. Here’s a brief...

International Journal of Electronic Security and Digital Forensics

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, January 18, 2024. We looked at the iOS version of Life360 recently and now we get a chance to look at the Android side this time. There were three database files of interest that I was able to find under the path: data/data/com.life360.android.safetymapd/databases. Chats: Chat messaging is possible through Life360; they are found in the database at path: data/data/com.life360.android.safetymapd/databases/messaging.db *The tables...

Lee Holmes at Precision Computing

Sun, Jan 14, 2024, 2-minute read. Once in a while, I’ll stumble on a question online (or get an email) from a person wondering “Who the heck is leeholm16?” If you’re reading this post, you’re likely one of them :) I never know exactly what situation leads people to ask the question, but they’ve invariably started using a forensic parsing tool against Windows PowerShell.lnk or Windows PowerShell (x86).lnk. For example, here is the forensic analysis of the LNK file included in a SANS408 course. It come...

Lionel Notari

iOS Unified Logs - The use of the Dictaphone. Disclaimer: tested in iOS 16 and 17. Before we begin... I want to wish you a wonderful year 2024! I also want to express my gratitude for the numerous positive feedback received after my latest article on phone calls. You can find it here in case you missed it. I recently wrote an article about investigating iOS Unified Logs specific to WhatsApp (which you can find here), and following that, the question about the use of the dictaphone came up multiple t...

Luke Bradley

Luke Bradley, Director, SouthEast Asia and Australia at Alvarez and Marsal | Disputes and Investigations | Forensic Technology Services. Published Jan 15, 2024. Within the world of digital forensics and litigation, criminal, civil or otherwise, for investigative purposes, it is crucial to exercise extreme care and refrain from 'ad-hoc' non-forensic examinations of digital devices during the preservation of digital evidence. This underscores the pivotal role ...

Maher Yamout at Securelist

Research, 16 Jan 2024. Authors: Maher Yamout. Table of Contents: Introduction; Overview of an iOS artifact: Shutdown.log; Malware detections and lessons learned; Analysis scripts (Script 1: iShutdown_detect; Script 2: iShutdown_parse; Script 3: iShutdown_stats); Conclusion. A reboot a day can keep the ******** away. Introduction: In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compas...

Mattia Epifani at Zena Forensics

By Mattia Epifani - January 14, 2024. During the forensic examination of a smartphone, we sometimes need to understand some basic settings of the device. Some simple examples are: What is the name of the device? Is the "Set time automatically" option on or off? Is the "Set time zone automatically" option on or off? Is mobile data switched on or off? Is mobile data roaming switched on or off? On Android devices, most of these settings are managed centrally by the Android settings provider. The source co...

By Mattia Epifani - January 18, 2024. Android 14 was released to the public by the Open Handset Alliance on October 4, 2023, and is now available on various smartphones, including the Google Pixel. This blog post aims to explore a list of the major artifacts you can find on this version of the Android OS. For testing and review, I set up a Google Pixel 7A and used it for about a month, with a SIM card and various native and third-party apps installed. The blog post is organized by sections: Device i...

Plainbit

안혜송, 15 January 2024, 7-minute read. This article explains the IGNITE collection stages and covers how to perform remote collection. Before reading it, it is recommended to read Introduce Magnet IGNITE first. Collection with IGNITE consists of three stages (case creation & agent creation → agent deployment → collection). [Figure 1] IGNITE collection stages. 1. Create a case & specify the artifacts to collect: After opening the website (Magnet IGNITE) in a supported browser (Chrome, Firefox, Edge) and logging in with an email address, you can view the case list and create a new case by selecting 'CREATE CASE'. [Figure 2] CREATE CASE screen. 1.1 Set the case details: First enter the case name and select the region. [Figure 3] Case Details screen. 1.2 Agent settings: In 'ARTIFACTS FOR' under 'Agent Settings'...

System Weakness

Taz Wake