Analysis Notes

A place to jot down malware analysis I have tried and anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 10 – 2024 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics) so that I can skim through them and decide which ones to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Cado Security

Django Faiola at ‘Appunti di Informatica Forense’

Tuesday, March 5, 2024. Published March 05, 2024 by Django Faiola. iOS Burner - Cache.db. Introduction: This second part is a deeper look at the Burner analysis, namely its cache. If you have not done so yet, I recommend reading the first part, iOS Burner, on the analysis of the "Phoenix.sqlite" database. App Store: //apps.apple.com/us/app/burner-private-phone-line/id505800761Perc...

Introduction: Burner is a mobile application for iOS and Android developed by Ad Hoc Labs, Inc. that lets users keep their own (SIM) phone number private by purchasing virtual disposable phone numbers for purposes such as online classifieds, gambling, dating chats, privacy and more. You simply give out the burner number and, for example, an incoming call to that number is transparently forwarded to the personal (SIM) number, unless you decide to block the...

Forensic Science International: Digital Investigation

Invictus Incident Response

March 7, 2024. At some point in 2023, out of nowhere, there was a new entry under the Diagnostic Settings in Entra ID called EnrichedOffice365AuditLogs, and there was little to no documentation on it. The name alone was interesting, because when you're doing cloud incident response in Entra environments this sounds like something you want to be looking at. Searching through X/Twitter, lots of people were anxious about this log and what it could be. Well, today is the day, because in this blog ...

Nik Alleyne at ‘Security Nik’

TOTAL RECALL 2024 - Memory Forensics Self-Paced Learning/Challenge/CTF. Similar to "Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego", this challenge is meant to support our team's development. This challenge can be looked at from both the Blue and Red Team perspectives. Blue team because this is how we hope to find threats, either from a "live" system or, more specifically in this case, from the contents of extracted memory,...

Lee Jun Hyeong at Plainbit

Lee Jun Hyeong, March 4, 2024, 5 min read. * TIP posts are short write-ups of material worth referencing during case analysis, or of experiments and research on traces found during analysis. This post is related to a case study or DFIR artifact research. * This post does not go into detail. For details, please contact junhyeong.lee@plainbit.co.kr. This post is very short; if you are interested, contact me (junhyeong.lee@plainbit.co.kr). TIP! ETL (Event Tracing Log) is a log produced by the ETW (Event Tracing for Windows) facility. It is closer to an atomic-level record than the Event Log, and useful information that never gets written to the Event Log ends up in ETL log files (....
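As an added example (not code from the Plainbit post), the following PowerShell script shows the triage step the excerpt points at: locating ETL trace files on a Windows volume and decoding them with Get-WinEvent, which reads .etl input directly but requires -Oldest for that file type. The directory list, the $TargetRoot parameter and the CSV output location are assumptions for illustration; run it elevated, on a live system or against a mounted image.

```powershell
# Added example, not from the original post: inventory and decode ETL files.
# Assumptions: Windows, PowerShell 5.1 or later, elevated prompt.
# $TargetRoot is a hypothetical volume root (live C:\ or a mounted image).
param(
    [string]$TargetRoot = 'C:\'
)

# Well-known locations where Windows leaves ETL traces (assumed list, extend as needed).
$etlDirs = @(
    (Join-Path $TargetRoot 'Windows\System32\LogFiles\WMI'),
    (Join-Path $TargetRoot 'Windows\System32\WDI\LogFiles'),
    (Join-Path $TargetRoot 'Windows\Logs')
)

# Collect every *.etl under those directories; missing directories are skipped.
$etlFiles = foreach ($d in $etlDirs) {
    if (Test-Path $d) {
        Get-ChildItem -Path $d -Recurse -Filter '*.etl' -File -ErrorAction SilentlyContinue
    }
}

# Inventory first: size and LastWriteTime show which traces cover the incident window.
$etlFiles |
    Select-Object FullName, Length, LastWriteTime |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize

# Decode each file. -Oldest is mandatory for .etl input. If the provider manifest is
# absent on the analysis box, Message is empty but ProviderName/Id/Properties remain.
$outDir = Join-Path $env:TEMP 'etl-triage'   # hypothetical output directory
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

foreach ($f in $etlFiles) {
    try {
        $events = Get-WinEvent -Path $f.FullName -Oldest -ErrorAction Stop
    } catch {
        # Locked (in-use) or corrupt traces land here; copy them from an image instead.
        Write-Warning "Cannot parse $($f.FullName): $($_.Exception.Message)"
        continue
    }
    $events |
        Select-Object @{n = 'File'; e = { $f.Name }},
                      TimeCreated, ProviderName, Id,
                      @{n = 'Props'; e = { ($_.Properties | ForEach-Object { $_.Value }) -join ' | ' }} |
        Export-Csv -Path (Join-Path $outDir ("{0}.csv" -f $f.BaseName)) -NoTypeInformation
}
```

Traces that the system is still writing (for example those under LogFiles\WMI on a live host) are often locked and fail to open; acquiring the files from a disk image avoids that. Event messages decode only when the originating provider's manifest is registered on the machine running Get-WinEvent, so for traces from a different Windows build keep the raw Properties column rather than relying on Message.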

Terryn at chocolatecoat4n6

Chaos to Clarity: Why Triage is Not Optional. March 7, 2024 / March 6, 2024 / ChocolateCoat. As someone who works, lives and breathes in the world of Digital Forensics and Incident Response (DFIR), there is one skill that I think is often overlooked. Triage. It is a step we often forget since we want to jump straight into forensic analysis. However, skipping triage often means you have no idea where to start looking. Surgery without Pre-Op: In my mind, forensic analysis is surgery. Most people would b...

The DFIR Report