Analysis Notes

A place for notes on my attempts at malware analysis and on anything that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 14 – 2024 - FORENSIC ANALYSIS

This entry was generated and posted automatically to show the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

John Lukach at 4n6ir

by John Lukach I recently needed AWS Amplify logs for an investigation that became a painful experience; thus, I recommend adding an AWS Lambda that exports access logs daily with the provided Python example. Log File Format Python Libraries import boto3 import datetime import gzip import os import requests Previous Day yesterday = datetime.datetime.now() - datetime.timedelta(days=1) Generate Access Logs client = boto3.client('amplify', region_name = 'us-east-2') response = client.generate_acces...

Derek Eiri

Lionel Notari’s iOS Unified Log Acquisition Tool, Derek Eiri, digital forensics, 2024-04-04. I’ve been reading Lionel Notari’s blog posts over the last several weeks. In particular, I found his findings about WiFi signal quality intriguing. Just a few weeks ago, Notari shared his progress on his first digital forensics tool! For background on Notari’s work, his interview with Forensic Focus is a great start. With the release, and a public offer to try out the iOS Unified Log Acquisition to...

Steve Bunting at DFIR Review

by Steve Bunting, published on Apr 04, 2024. How Did That Photo Get On That iPhone. Synopsis: Forensics Question: To determine the manner (process) by which a particular photo in the Photos app was created on the iOS device. OS Versions: iOS 12 - 16. Tools: XRY 10.4 and previous versions; XAMN 7.4.0 and previous versions; Sanderson Forensic Browser for SQLite V3.3.0. Deep Dive Into The iOS “Photos.sqlite” database: Part 1. Usually the content...

Forensafe

05/04/2024 Friday The iOS Calendar app is a very useful tool for managing schedules, appointments, and events on Apple devices. It seamlessly integrates with other Apple services like iCloud, allowing users to access their calendars across multiple devices. With features such as customizable views (day, week, month, or year), color-coded event categories, and reminders, users can efficiently organize their time and stay on top of their commitments. Users can also set alerts and notifications to ...

Hal Pomeranz at ‘Righteous IT’

Orphan Processes in Linux. Posted on April 2, 2024 by Hal Pomeranz. Orphan processes can sometimes cause confusion when analyzing live Linux systems. But during a recent run of my Linux Forensics class, one of my students showed me an interesting trick that I wanted to make more generally known. Consider a simple hierarchy of processes:

UID PID PPID C STIME TTY TIME CMD
root 729 1 0 17:19 ? 00:00:00 sshd: /usr/sbin/sshd -D
...
root 1287 729 0 17:19 ? 00:00:00 sshd: lab [priv]
lab 1336 1287 0 17:19...

Izzy Spering at Huntress

Analyzing a Malicious Advanced IP Scanner Google Ad Redirection. By Izzy Spering, April 1, 2024. So you found yourself...

Mailxaminer

Yahoo Email Forensics – Best Tactics to Analyze Data. Published by Anurag Sharma, approved by Anuraag Singh, published on April 4th, 2024. Reading time: 8 minutes. Category: Email client, Forensics. Yahoo Mail is one of the popular web-based email applications used by countless users to meet their personal and business needs. With the rapid increase in net surfing and internet usage, the number of users associated with a wide array of illegal activities has also grown. Security loopholes in Yahoo emailing ...

The Bat! — Email Forensics. Published by Anurag Sharma, approved by Anuraag Singh, published on April 4th, 2024. Reading time: 6 minutes. Category: Forensics. The Bat! email client is considered one of the most secure email clients designed for Windows OS. It comes as trial-ware software that is provided to users for a certain time, after which a user has to buy the license for its continued services. On installing The Bat application on a system and successfully synchronizing with ...

MSAB

Hidden gems in Apple iOS digital forensics. Apple iOS devices contain large amounts of artifacts, from both apps and the system itself. These artifacts are for the most part stored inside SQLite databases or Apple Property List (PList) files. Sometimes the data you are looking for is embedded several layers down. When you remove an app, the data it contains will be lost forever. The reason behind this is that the apps typically store their data in a sandbox, and the sandbox is removed wh...

A gift from Apple a day puts deleted data in play. A small gift from Apple sees an Apple Backup yield more fruit for forensic examiners. In this blogpost, we’ll cover the extremely popular mobile operating system, iOS, and take a look at this ‘gift’. Inadvertent or planned on their side, we cannot know for sure. But the bottom line is that we can reap some benefits from the iOS 17.4 update. Let’s see what it’s all about. iOS 17.4 – More deleted data from the iTunes backups with XRY? Yes, ...

Salim Salimov

The DFIR Report