Analysis Notes

A place to jot down notes from analyzing malware and things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 25 – 2024 - FORENSIC ANALYSIS

This entry was automatically generated and posted to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that the articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Cesar Quezada at Hexordia

Jun 21, Written By Cesar Quezada. FSEvents: Short for "File System Events," FSEvents is a macOS-specific API that enables applications to receive notifications about changes to the file system. The fseventsd daemon will monitor file system events and keep track of those changes. In practical terms, it provides a way for applications to monitor changes within the macOS file system. It enables developers and the file system to register for notifications about modifications such as file creation, delet...

Forensafe

21/06/2024 Friday Device Health Services is a system application that comes installed by default on most of the modern Android devices. This application collects data and uses it to customize the user's experience and optimize resource usage by managing the device's sensors. With Device Health Services, users can for example gain insights into battery usage, predict how long the battery will last based on current usage patterns, and receive tips to extend battery life. Digital Forensics Value of...

Neetrox at InfoSec Write-ups

Inginformatico

Justin De Luna at ‘The DFIR Spot’

Windows Defender MP Logs - A Story of Artifacts. Catchy title, eh? Well, I promise it's not “clickbait”. When it comes to DFIR, there are obviously many artifacts to look at. You may even find an item of interest or “pivot point” in multiple artifacts. For example, identifying that a program was executed from both Prefetch and UserAssist or presence of a binary within the MFT (Master File Table) and Shimcache; but is there an artifact or log that will have observed files, hashes, timestamps, full p...

N00b_H@ck3r

Posted by lightkunyagami, June 17, 2024, 1 Comment on LetsDefend: Discord Forensics. When I saw the Discord Forensics challenge on LetsDefend, it reminded me of some recent data leak incidents involving members of the US Air Force using the popular gaming community’s instant messaging and VoIP social platform Discord. And, so, I wanted to try investigating Discord artifacts. Below are some of the headlines showing the incidents: LetsDefend rated this challenge as Medium difficulty, but I feel i...

Oliver Hartshorn and Arun Prasannan at CCL Solutions

Oliver Hartshorn (Principal PC Analyst) and Arun Prasannan (Research & Development) investigate how the Session Desktop messaging software for computer operating systems encrypts attachments that are stored locally. Session: Session is an open-source, end-to-end encrypted instant messaging service which aims to offer anonymity while avoiding the recording of metadata. Whereas many other messaging services rely on telephone numbers or email addresses to identify users, each Session user is assigned ...