Analysis Notes

A place for notes from my own malware analysis and for things I thought might be useful when analyzing. This site uses Google Analytics.

4n6 Week 15 – 2024 - FORENSIC ANALYSIS

This entry was generated and posted automatically: it shows the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that I can quickly skim which articles to check. The 4n6 issue itself is available here.

FORENSIC ANALYSIS

Atola

Atola Technology: Fast forensic imaging. Even with bad drives. Published Apr 8, 2024. Hi there! Welcome back to Plug, Image, Repeat, the monthly newsletter where we share practical tips and tricks to improve your experience in digital forensics. We're glad you're here. Our previous issues covered the primary RAID types. In this one, we will explore how to acquire data from RAIDs with redundancy. We will focus on the concept of parity, which is a crucial...

Alexis Brignoni at ‘Initialization Vectors’

New VLEAPP parser for Dodge RAM 1500 extractions 📍 GPS locations from 2 sources 🛣️ Current road names 🛑 Road speed limits 🚗 Vehicle speeds 🔗 Get VLEAPP: //buff.ly/3VLCXfS The plan is to really dig down on vehicle extractions and create as many parsers as I can from the end of July to December. There is a real need for more parsing platforms that provide alternate methods for validation and report presentation. Hopefully open source tools can start moving the files in that direction. #DigitalForensi...

New parser for Uber app in iOS using iLEAPP 🗜 Data contained in LevelDB data structures ⏳ Timestamps 📍 GPS coordinates + horizontal accuracy 🚘 Speed 🗺 Active trip information 🔗 Get it here: //github.com/abrignoni/iLEAPP Thanks to CCL Solutions & Alex Caithness for the LevelDB libraries used in this artifact. Libraries are located here: //github.com/cclgroupltd/ccl_chrome_indexeddb #DFIR #FLOSS #FOSS #MobileForensics #DigitalForensics at April 09, 2024

Belkasoft

Belkasoft CTF #6 "Bogus Bill" — Official Write-Up. The sixth BelkaCTF was held from Apr 5 to 7, 2024. The competition commenced at 3 PM CEST on the 5th and spanned 48 hours. The CTF page was //belkasoft.com/belkactf6/ with tasks prepared by the Belkasoft and TODO: security teams. This official write-up explains how the tasks were intended to be solved using Belkasoft X. While there are various methods to tackle these challenges, we encourage reading the contestants' own write-ups. Importantly, ever...

Compass Security

April 9, 2024 / Andreas Arnold. This is hopefully the most useless blog post you will read this year as this post will detail our experience dealing with ransomware cases. It is one of the most common reasons why we get called in to help and it has become a big business. Chainalysis, for example, has tracked $1.1 billion in ransomware payments in 2023 alone. How does a ransomware attack unfold? Initial Access: First, a threat actor (TA) gains initial access to the infrastructure. This...

Craig Ball at ‘Ball in your Court’

Cloud Attachments: Versions and Purview. Monday 08 Apr 2024. Posted by craigball in Computer Forensics, E-Discovery, Uncategorized. Tags: cloud attachments, eDiscovery, Linked attachments, M365, modern attachments, Purview. Last week, I dug into Cloud Attachments to email, probing the propensity of producing parties to shirk collection of linked documents. Here, I want to discuss the versioning concern offered as a justification for non-production and the use of hash duplicate identifica...

Forensafe

12/04/2024 (Friday). Android Digital Wellbeing is an application designed to help users better understand and manage their digital habits, promoting a healthier relationship with technology. It has features such as providing a detailed overview of device usage patterns, including time spent on specific apps and notifications received. Additionally, users can set app timers to limit their usage of specific applications. Android Digital Wellbeing aims to empower users to make informed decisions about...

Joshua Hickman at ‘The Binary Hick’

Investigating Power Events on Samsung Devices. Binary Hick, Android, Mobile, 2024-04-07 / 2024-04-08, 9 Minutes. Recently we received an email at work asking about a video clip the author had seen on their local television station. The clip showed a forensic examiner examining a file on a Samsung phone that indicated someone had turned the phone off. As it t...

Kevin Pagano at Stark 4N6

Posted by Kevin Pagano, April 09, 2024. I played the Belkasoft CTF recently (writeup coming soon) and as part of it, one of the questions involved the app Splitwise. I've used this app in the past for personal usage so I figured now that I have a file system dump from the competition I can take a peek at what we can parse. If you're not familiar with Splitwise it is a free tool for people to track bills and other shared expenses. The main file of...

Maxim Suhanov

April 9, 2024 ~ msuhanov. Have you ever seen files like "Op-EXPLORER.EXE-03C49D11-000000F5.pf"? TL;DR: these are operation-based prefetch files. An application can ask the NT kernel to record I/O traces for specific operations, either on a per-application or per-thread basis. Then, these traces will be used to prefetch file access requests for that application. The idea behind prefetching is to load data before it's actually needed. Typically, the NT kernel records I/O traces for an ...

Mike at ØSecurity

Mike, Apr 9, 2024 • 4 min read. The following are some notes and a bit of a guide regarding collecting memory and disk from Proxmox Virtual Environment (hereafter PVE). There doesn't seem to be nearly as much information regarding best practices and potential pitfalls as there is for Hyper-V or ESXi. However, with the growing popularity of PVE, I can see forensic collections from this hypervisor becoming more of a priority. I've tested the following (except where otherwise noted) in my home lab, an...

Salim Salimov

Shanon Burgess

Beyond the Windshield: Dashcam Forensics - A Quick Overview. Shanon Burgess, Digital Forensics Analyst | GASF | MCFE | CCME | MCCE. Published Apr 10, 2024. Let's delve into the realm of dash cameras for a moment. These devices serve as impartial witnesses, capturing crucial evidence leading up to incidents. However, consider this irony: they're typically mounted on windshields, yet one of the primary casualties in severe frontal collisions is, indeed, the w...

Ashish Singh at System Weakness