Analysis Notes

A place to jot down malware analysis attempts and anything that seemed likely to be useful for analysis. This site uses Google Analytics.

4n6 Week 32 – 2024 - FORENSIC ANALYSIS

This entry is auto-generated and posted to show the opening lines of each article featured in This Week in 4n6 (FourAndSix = Forensics), so that articles worth checking can be skimmed quickly. 4n6 itself can be found here.

FORENSIC ANALYSIS

Adam Messer

Craig Ball at ‘Ball in your Court’

by Craig Ball. John Tredennick said (August 5, 2024 at 9:36 AM): Hey Craig. I enjoyed your latest. I also experimented with using LLMs to refine keywords back in the early months of GPT 3.5. These algorithms are amazing for all kinds of purposes including refining keyword search. We found that an even better way to do this is to submit a lot of relevant documents to the LLM to read, analyze and suggest keywords from the documents. Essentially, let the relevant documents speak to you about how to fi...

Mike Wilkinson at Cyber Triage

Decrypting a Defense

Decrypting a Defense, Vol. 5, Issue 8 (The Digital Forensics Unit, Aug 05, 2024): Olympics Surveillance, Subway Weapons Detection System, Geofence Search Decision, Privacy from Drones, & More. Photo by Andrey Matveev on Unsplash. August 5, 2024. Welcome to Decrypting a Defense, t...

DFIR101

Podcast Visualized: Digital Forensic Survival Podcast (Ep004) – Windows Prefetch. August 5, 2024. Link: //digitalforensicsurvivalpodcast.libsyn.com/podcast/test. Podcast Notes: Reminder: We’re building evidence to show file use & knowledge. Prefetch is used by Windows to quickly load applications. Forensically, this is great information. Windows will identify frequently used applications and cache related dlls and other supporting files so that the application loads more quickly each time...
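To make the Prefetch notes above concrete, here is an added Python example (not code from DFIR101 or the Digital Forensic Survival Podcast) that parses the uncompressed Prefetch header and pulls out the fields an examiner actually cites as evidence of execution: the executable name, the hash that forms the .pf file name, the run count and the last run time(s). It handles the XP (version 17), Vista/7 (version 23) and 8.1 (version 26) layouts; the sample .pf bytes are constructed inline. Windows 10 and later store Prefetch files compressed (MAM signature) and in two header variants, so the parser refuses those rather than guessing at offsets.

```python
import struct
from datetime import datetime, timedelta, timezone

SCCA_SIGNATURE = b"SCCA"
MAM_SIGNATURE = b"MAM\x04"   # Windows 10+: LZXPRESS-Huffman compressed; decompress first

# Absolute file offsets of the forensically interesting fields, by format version.
# 17 = XP/2003, 23 = Vista/7, 26 = 8.1. Version 26 keeps the last eight run times.
LAYOUT = {
    17: {"last_run": 120, "last_run_slots": 1, "run_count": 144},
    23: {"last_run": 128, "last_run_slots": 1, "run_count": 152},
    26: {"last_run": 128, "last_run_slots": 8, "run_count": 208},
}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Windows FILETIME (100 ns ticks since 1601-01-01 UTC) to aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000


def parse_prefetch(data):
    """Parse an uncompressed .pf file and return the execution evidence it carries."""
    if data[:4] == MAM_SIGNATURE:
        raise ValueError("compressed (Windows 10+) Prefetch file; decompress before parsing")
    version, sig, _unknown, file_size = struct.unpack_from("<I4sII", data, 0)
    if sig != SCCA_SIGNATURE:
        raise ValueError("not a Prefetch file (missing SCCA signature)")
    if version not in LAYOUT:
        raise ValueError(f"unsupported Prefetch format version {version}")

    # Executable name: 60 bytes of UTF-16LE at offset 16, NUL terminated.
    exe_name = data[16:76].decode("utf-16-le").split("\x00", 1)[0]
    # The hash at offset 76 is the one that appears in the file name (NAME-HASH.pf);
    # a mismatch with the on-disk name means the file was renamed or moved.
    prefetch_hash = struct.unpack_from("<I", data, 76)[0]

    layout = LAYOUT[version]
    run_count = struct.unpack_from("<I", data, layout["run_count"])[0]
    last_runs = []
    for slot in range(layout["last_run_slots"]):
        ft = struct.unpack_from("<Q", data, layout["last_run"] + 8 * slot)[0]
        if ft:  # unused slots are zero
            last_runs.append(filetime_to_datetime(ft))

    return {
        "version": version,
        "exe_name": exe_name,
        "hash": prefetch_hash,
        "expected_filename": f"{exe_name}-{prefetch_hash:08X}.pf",
        "file_size": file_size,
        "size_matches": file_size == len(data),
        "run_count": run_count,
        "last_runs": last_runs,
    }


def build_sample_v23():
    """Constructed Vista/7-style header for CMD.EXE, run 7 times; not a real capture."""
    buf = bytearray(240)  # 84-byte header + 156-byte version 23 file information block
    struct.pack_into("<I4sII", buf, 0, 23, SCCA_SIGNATURE, 0x11, len(buf))
    name = "CMD.EXE".encode("utf-16-le")
    buf[16:16 + len(name)] = name
    struct.pack_into("<I", buf, 76, 0x4A81B364)          # hypothetical hash value
    last_run = datetime(2024, 8, 5, 9, 36, tzinfo=timezone.utc)
    struct.pack_into("<Q", buf, 128, datetime_to_filetime(last_run))
    struct.pack_into("<I", buf, 152, 7)                   # run count
    return bytes(buf)


if __name__ == "__main__":
    for key, value in parse_prefetch(build_sample_v23()).items():
        print(f"{key}: {value}")
```

On a real image, feed the raw bytes of a file from C:\Windows\Prefetch into parse_prefetch; compare expected_filename with the actual name and size_matches with the on-disk size before trusting run_count and last_runs.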

Podcast Visualized: Digital Forensic Survival Podcast (Ep003) – Windows Explorer Evidence. August 5, 2024. Link: //digitalforensicsurvivalpodcast.libsyn.com/podcast/dfsp-003-windows-explorer-evidence. Podcast Notes: Let’s try to answer “How many times has a file been accessed?” Internet Explorer will track file usage that took place inside Windows Explorer. Clearing IE cache will erase this info. Tur...

Django Faiola at ‘Appunti di Informatica Forense’

Table of contents: The structure of the authentication record; idstatuscache.plist; Paths; The "Cellebrite" doubt; Conclusions; iLEAPP. Introduction: In 2019 Cellebrite published the article How iOS Properties Files Can Confirm a Suspect’s Contacts Even If Deleted, which in short explains the importance of finding a reliable archive of the communications between the parties that is permanent and legitimate to consult during investigations and in court. The identification of the contact list on the phone ...

Oleg Afonin at Elcomsoft

Recent Elcomsoft blog posts: More on Apple Developer Accounts; iOS Forensic Toolkit: macOS, Windows, and Linux Editions Explained; iCloud Extraction Turns Twelve; Elcomsoft Forensic Acquisition System (EFAS); The Implications of Resetting the Screen Lock Passcode in iOS Forensics; All You Wanted To Know About iOS Backups; Resource Management in Distributed Password Attacks; Bootloader-Level Extraction for Apple Hardware; Navigating NVIDIA's Super 40-Series GPU Update: A Guide for IT Professionals.

Forensafe

Investigating Android Yahoo Mail 09/08/2024 Friday Yahoo Mail allows users to connect globally and access their accounts on various devices, including desktops, laptops, and mobile phones. It supports external mail providers like Outlook, Gmail, and AOL. Additionally, Yahoo Mail offers features such as messaging, calendar, contacts integration, and one terabyte of storage capacity. The mobile apps include features like a composing assistant, smart contacts, account key, and document preview. Dig...

Heather Mahalik at Smarter Forensics

August 7, 2024, Heather Barnhart: When I teach SANS FOR585 Smartphone Forensic Analysis In-Depth, we really dive into iOS artifacts to validate the truth of what happened, what tools are reporting, and what they are missing. Message retention is often needed to help examiners understand why data no longer exists on the iOS device if the user didn’t delete it. When hunting for deleted messages, I suggest students validate the current message retention settings in com.apple.MobileSMS.plist...
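As an added illustration of the retention check described above (example code written for this page, not Heather Mahalik's or SANS's material), the Python below reads the retention window out of a com.apple.MobileSMS.plist, converts sms.db-style message timestamps, and reports whether a missing message is old enough that iOS could have purged it on its own. Assumptions: the preference key is KeepMessageForDays with 0 meaning "Forever", and message.date in sms.db is nanoseconds since 2001-01-01 UTC on current iOS (plain seconds on old builds). The plist and message dates are constructed inline.

```python
import plistlib
from datetime import datetime, timedelta, timezone

APPLE_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)
RETENTION_LABELS = {0: "Forever", 30: "30 Days", 365: "1 Year"}

# Constructed stand-in for /private/var/mobile/Library/Preferences/com.apple.MobileSMS.plist
# with Settings > Messages > Keep Messages set to "30 Days". Key name is an assumption.
SAMPLE_PLIST = plistlib.dumps({"KeepMessageForDays": 30}, fmt=plistlib.FMT_BINARY)


def read_retention_days(plist_bytes):
    """Retention window in days; 0 means messages are kept forever."""
    prefs = plistlib.loads(plist_bytes)
    return int(prefs.get("KeepMessageForDays", 0))


def apple_ns_to_datetime(value):
    """sms.db message.date -> aware datetime. Values above 1e12 are treated as
    nanoseconds (iOS 11+), smaller values as seconds (older iOS). Integer
    arithmetic keeps the conversion exact."""
    if value > 10**12:
        return APPLE_EPOCH + timedelta(microseconds=value // 1000)
    return APPLE_EPOCH + timedelta(seconds=value)


def datetime_to_apple_ns(dt):
    return int((dt - APPLE_EPOCH).total_seconds()) * 10**9


def retention_explains_absence(message_time, retention_days, extraction_time):
    """True when the message falls outside the retention window at the time the
    device was imaged, i.e. iOS could have removed it without user action."""
    if retention_days == 0:
        return False
    return message_time < extraction_time - timedelta(days=retention_days)


def triage(plist_bytes, message_dates, extraction_time):
    """For each raw message.date value, say whether retention alone explains its absence."""
    days = read_retention_days(plist_bytes)
    label = RETENTION_LABELS.get(days, f"{days} days")
    rows = []
    for raw in message_dates:
        ts = apple_ns_to_datetime(raw)
        rows.append((ts.isoformat(), retention_explains_absence(ts, days, extraction_time)))
    return label, rows


def run_sample():
    # Constructed timestamps for two messages absent from sms.db; device imaged 2024-08-07.
    extraction_time = datetime(2024, 8, 7, tzinfo=timezone.utc)
    message_dates = [
        datetime_to_apple_ns(datetime(2024, 7, 1, tzinfo=timezone.utc)),   # 37 days old
        datetime_to_apple_ns(datetime(2024, 7, 20, tzinfo=timezone.utc)),  # 18 days old
    ]
    return triage(SAMPLE_PLIST, message_dates, extraction_time)


if __name__ == "__main__":
    label, rows = run_sample()
    print(f"Keep Messages: {label}")
    for iso, purged in rows:
        print(f"{iso}: {'retention explains absence' if purged else 'within window; look for deletion'}")
```

A message inside the window that is nonetheless gone still needs the usual deleted-record hunt (freelist pages, WAL, backups); a message outside the window is not evidence of user deletion on its own.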

Oxygen Forensics

Shatabdi Malik at Paraben Corporation