Analysis Notes

A place to note down things I tried while analyzing malware, or things I thought might be useful for analysis. This site uses Google Analytics.

4n6 Week 05 – 2024 – FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that I can zap through them and decide which ones to check. The 4n6 post itself can be found here.

FORENSIC ANALYSIS

Andrew Malec

VirusTotal & hash lists, Unix-like Artifacts Collector (UAC), Acquiring Linux VPS via SSH, AVML dump to SMB / AWS, China Chopper webshell, Logging Powershell activities, Compromised UniFi Controller, AnyDesk Remote Access, Mounting UFS VMDK from NetScaler/Citrix ADC, iOS Forensics, Checkm8 / checkra1n acquisitions/extractions, CTF / Challenges, DEFCON 2019 forensics, Tomcat shells, Magnet Weekly CTF, DFIR Madness CTF, Log Files, Windows, Malware Analysis, Identifying UPX packed ELF, decompressing, fixing, and analysing Linux malware...

Belkasoft

Introduction. Screenshots of application data on devices are a valuable asset in digital investigations. Belkasoft X streamlines both the acquisition and analysis of this data source type: It provides the "Android screen capturer" method that enables you to obtain fully automated screenshots of popular messengers (Signal, Telegram, WhatsApp); when analyzing them, Belkasoft X uses text recognition algorithms to reconstruct captured chats for easier examination. When you run this method for other ap...

Amanda Berlin at Blumira

CCL Solutions

CCL has added a new course to its training roster – Data Formats in Depth. The three-day course, which can take place at a customer’s premises or at our Stratford-on-Avon offices, aims to equip digital forensics professionals with an in-depth understanding of the wide range of file and data formats encountered during their investigations. Delivered by Principal Analyst Alex Caithness, the topics covered include: A refresher on binary encoding of numerical and textual data used in the formats ...

Felix Aeppli at Compass Security

January 30, 2024 / Felix Aeppli. TL;DR: An attacker is able to register new security keys (FIDO) or other authentication methods (TOTP, Email, Phone etc.) after a successful device code phishing attack. This allows an attacker to backdoor the account or perform the self-service password reset for the account with the newly registered sign-in methods. Although we see a great security risk, Microsoft deemed this not a vulnerability. Device Code Phishing: For those of you who have never h...

Dr. Tristan Jenkinson at ‘The eDiscovery Channel’

Shaking the Cobwebs CTF Part Four – Exploring the Blockchain and “The End”. Tristan Jenkinson, February 3, 2024. Tags: Bitcoin, Cryptocurrencies, Digital Forensics, OSINT, Technical, Technology. By Dr Tristan Jenkinson. The CSI Linux CTF – Shake the Cobwebs: As anyone following my updates will have seen, I took part in the CSI Linux CTF over Christmas. The CTF required writing up a report of findings, and I thought that it might be helpful to share the content of my report. Part One covered the in...

Oleg Afonin at Elcomsoft

February 1st, 2024 by Oleg Afonin. Category: «General». The latest update to iOS Forensic Toolkit brought the ability to mount HFS disk images extracted from legacy Apple devices as drive letters on Windows systems. This new capability to mount HFS images on Windows empowers experts to efficiently process and analyze digital evidence extracted from legacy Apple devices on Windows-based computers. This article provides detailed instructions on using the new feature. Why HFS images? When performing l...

Forensafe

Investigating iOS SnapChat (02/02/2024, Friday). Snapchat is a multimedia messaging app available for Apple and Android devices, offering a unique platform for users to share photos and videos with friends. Snapchat is characterized by its ephemeral nature, as messages and stories typically disappear after a set time. Snapchat allows users to enhance their content with creative filters and lenses, including the popular face-altering options. The platform's Snap Map feature facilitates real-time loca...

Salvation DATA

Sleuth Kit Labs

The DFIR Report

James McGee at The Metadata Perspective

Introducing: Our new Brute Force Dictionary List Generator! Our Brute Force Dictionary List Generator is a free tool, created for the betterment of the Digital Forensic Incident Response Community. Supported List Types: Currently, we support both 4-digit and 6-digit passcode lists. Create a .txt file containing your possible passcodes and navigate to the file within the input file’s browse file option. Output: The tool will generate a .txt file containing all possible passcode combinations from ...

Siri’s Memory Lane: Exploring the siriremembers Database I was recently navigating an Apple iPhone Full File System Extraction for something not currently parsed by any digital forensic software. What I found was not exactly what I was initially looking for, but still proved to be an interesting and challenging digital puzzle. In this article, we will explore this new SQLite database, cover parsing key data through some SQL queries, and discuss additional important factors for the future and und...