本エントリは This Week in 4n6 (FourAndSix=Forensics) で紹介された各記事の冒頭を表示し、チェックする記事をザッピングするために自動生成＆投稿したものです。4n6 は こちら からご確認いただけます。

FORENSIC ANALYSIS

Cyber 5W

• Windows Memory Forensics

Cyber 5W in Memory-Forensics Objectives In this blog post, we are talking about what we can do if we are presented with a Memory image for a suspected machine to investigate and how to leverage our tools to get as much information as we can from it. we will be dealing with two tools: Volatility 3 MemProcFS Experience Level required: Beginner Introduction Memory forensics is a must-have skill for any computer forensics investigator, you can find a lot of evidence that can’t be found on the disk l...

Forensafe

• Investigating Apple Data Usage

29/03/2024 Friday Apple data usage keeps a record of inbound and outbound data traffic used by applications and processes. This feature in Apple devices keeps a record of applications and processes data consumption from different data sources such as WIFI and WWAN. Moreover, it records times and dates related to connections, first usage, and last usage. Digital Forensics Value of Apple Data Usage Apple Data Usage artifacts can be a crucial part of investigations in Apple device-related forensics...

R Tec Cybersecurity

• Abschlussbericht Security Incident

Salvation DATA

• A Step-to-Step Guide for Data Extraction from Wechat

Work Tips 2024-03-29 Content Case Description Case Analysis Case Study Notes Content Case Description Case Analysis Case Study Notes Case Description When a police station in Hunan cracked a motorcycle gang theft case, they arrested the suspect Zhang on the spot during the transaction and obtained his real mobile phone. Investigators found that there was a large amount of direct digital evidence related to theft on his WeChat, and it was necessary to fix the evidence and perform data extraction ...

Scott Koenig at ‘The Forensic Scooter’

• PhotoData – Photos.sqlite and Syndication Photo Library – Photos.sqlite Query Updates

PhotoData – Photos.sqlite and Syndication Photo Library – Photos.sqlite Query Updates Posted byScott_koenigMarch 24, 2024Posted inPhoto Library, Photos.Sqlite, Shared with You, SyndicationTags:#DFIR, iCloud Shared Photo Library, Photo Library, Photos.Sqlite, Shared iCloud Links, Shared with You, Syndication Photo Library Hello again, if you have not already noticed, I moved the queries around on GitHub in preparation of updates based on new research. The research will be published at a later tim...

Nathanael Ndong at Last Blog Article

• VMware ESXi Forensic with Velociraptor

Written by Nathanael Ndong - 28/03/2024 - in CSIRT - Download If you are a regular Velociraptor user, you'll no doubt have noticed the introduction of new features since release 0.7.1 that extend its forensic capabilities on various systems. If not, this article will show you how to leverage those new features in order to perform forensic analysis of a VMware ESXi hypervisor. Introduction During our investigations, we have come across more and more VMware ESXi hypervisors. These are being increa...