本エントリは This Week in 4n6 (FourAndSix=Forensics) で紹介された各記事の冒頭を表示し、チェックする記事をザッピングするために自動生成＆投稿したものです。4n6 は こちら からご確認いただけます。

MISCELLANEOUS

Aaron Clark at Active Countermeasures

• Building and Running Zeek on Windows Server 2022

Adam at Hexacorn

• The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 3

Posted on 2024-06-05 by adam (this is a very long post, sorry; took weeks to distill it into something that I hope is readable) As promised, today I am finally going to demonstrate that the piracy is good! (sometimes) In order to do so, I need to start in a non-sequitur way though… There are two questions that today’s forensic and telemetry technologies fail to answer quickly, let alone clearly: What will I find on this SPECIFIC system/endpoint? What will I find inside this ORG? (2a probably tou...

• The art of artifact collection and hoarding for the sake of forensic exclusivity… – Part 4

Posted on 2024-06-07 by adam In my last post I mentioned the outdated PAD files. Let’s have a closer look at them. Before we do so, a short comment first — in the era of omnipresent GenAI buzz sometimes it’s really hard to convince yourself to do any research let alone share the results of it. Everything feels ‘old’, the GenAI obviously knows all the answers, and no one can compete with this vast amount of information that can be extracted from these AI models so effortlessly, even if their advi...

• PE Section names – re-visited, again

Posted on 2024-06-08 by adam I recently caught up with torrents shared by VirusShare and after merging the new VS samples with my repo decided to extract PE section stats from all the files again…. This time, instead of actually attributing section names to protectors, programs, etc. I just share the actual statistics file… So… there you have it… 100M entries, 660K unique section names – it is an interesting clustering exercise… You can download the resulting file here. This entry was posted in ...

Belkasoft

• Case Study: Leveraging Belkasoft X for a Multi-Source Fraud Investigation

In August 2023, United Kingdom media widely spread a case: a fraudulent builder from Swindon who left work unfinished after pressuring victims to pay more than the agreed price has been sentenced at Reading Crown Court. During work carried out between October 2015 and January 2019 within several home renovations, Mr Corcoran left customers in severe emotional and financial distress after stopping work mid contract and demanding further sums of money for its completion. Mr Corcoran was prosecuted...

Security Onion

• Security Onion Documentation printed book now updated for Security Onion 2.4.70!

We've been offering our Security Onion documentation in book form on Amazon for a few years and it's now been updated for the recently released Security Onion 2.4.70!Thanks to Richard Bejtlich for writing the inspiring foreword!Proceeds go to the Rural Technology Fund!This edition has been updated for Security Onion 2.4.70 and includes a 20% discount code for our on-demand training and certification!This book covers the following Security Onion topics:First Time UsersGetting StartedSecurity Onio...

Doug Metz at Baker Street Forensics

• Installing the latest SIFT Workstation in WSL

Installing the latest SIFT Workstation in WSL DFIR, Forensic Imaging, Forensics If you’re like me and have your favorite forensic tools for Linux, and your favorite tools for Windows, you can run them both on the same machine without having to diminish resources with the use of a virtual machine. You can do this by installing SIFT (SANS Investigative Forensic Toolkit) within WSL (Windows Subsystem for Linux). Note: this article assumes that WSL is already installed. If not, GTS. Start off by gra...

Forensic Focus

• Forensic Focus Podcast Ep. 85 Recap: AI-Powered License Plate Reading With Amped DeepPlate

• Staying Ahead In DFIR: Embracing Continuous Education And Professional Development

• Cyber Unpacked: A New Webinar Series From Magnet Forensics Exploring Enterprise DFIR

• UPCOMING WEBINAR – XAMN Pro: “Turn The Dials To 10”

• Digital Forensics Round-Up, June 05 2024

• Forensic Focus Digest, June 07 2024

Magnet Forensics

• Ramping up digital media investigations: T3K.AI CORE soon available in Magnet Griffeye products 

We’re thrilled to share some exciting news for law enforcement professionals! Magnet Forensics has partnered with T3K.AI, an innovator in artificial intelligence technology, to empower law enforcement agencies and investigators worldwide with cutting-edge tools for their digital media investigations. Available in the Magnet Griffeye digital media platform At the heart of this partnership lies T3K.AI’s pioneering AI technology, CORE (Content Review Engine), which will be integrated with the entir...

Md. Abdullah Al Mamun

• Building Python AI Program to Tag SIEM Logs

Marias Sandbu

• How does Windows Recall work?

Leave a Comment / By msandbu / 7. June 2024 7. June 2024 While there has been a lot of focus on Windows Recall the last week about the security issues (which I will get back to later in this article) however there are few of the articles that actually describe how the technology actually works, therefore I wanted to use this article to write down my current understanding on how the different runtimes locally on the machine use Generative AI to handle the processing of Recall. Some of you might a...

Kyle Avery at Outflank

• EDR Internals for macOS and Linux

Kyle Avery | June 3, 2024 Many public blogs and conference talks have covered Windows telemetry sources like kernel callbacks and ETW, but few mention macOS and Linux equivalents. Although most security professionals may not be surprised by this lack of coverage, one should not overlook these platforms. For example, developers using macOS often have privileged cloud accounts or access to intellectual property like source code. Linux servers may host sensitive databases or customer-facing applica...

Oxygen Forensics

• Built-in Malware Detection for Files and Emails

Salim Salimov

• Installing Mitre Caldera 4 on Ubuntu VM

The Security Noob

• The Security Noob interviews Kevin Pagano of stark4n6

Posted on 03/06/202403/06/2024 Kevin Pagano is a seasoned cybersecurity professional specializing in Digital Forensics and Incident Response. With a strong technical background and a passion for unravelling complex cyber incidents, Kevin has become a trusted expert in investigating and mitigating cyber threats. When i first started getting into DFIR and was searching for all blogs and tools to help me, one of the sites i found myself revisiting again and again was //start.me/p/q6mw4Q/forensics N...