Analysis Notes

A place to jot down malware analyses I have tried and things that seemed useful for analysis. This site uses Google Analytics.

4n6 Week 33 – 2024 - FORENSIC ANALYSIS

This entry was automatically generated and posted to show the opening lines of each article introduced in This Week in 4n6 (FourAndSix = Forensics), so that I can skim through and pick out the articles to check. 4n6 itself can be found here.

FORENSIC ANALYSIS

Andrea Fortuna

Aug 15, 2024 As smartphones continue to be an integral part of our daily lives, they also become increasingly valuable sources of digital evidence in investigations. Android, being one of the most widely used mobile operating systems, is often at the forefront of these investigations. With the release of Android 14, forensic analysts must adapt their techniques and tools to effectively extract and analyze data from devices running this latest version. Key Changes in Android 14 Before diving into...

Digital Forensics Myanmar

eCDFP (Module-6) (Window Forensics) (Part - 6) August 12, 2024 Recycle Bin Forensics When deleting a file on a computer, you can avoid having it land in the Recycle Bin by pressing Shift + Delete, but when the user absent-mindedly deletes without pressing Shift + Delete, the file can end up in the Recycle Bin. If you want to recover data that was deleted with Shift + Delete, that is a matter of the file system and storage level. The Recycle Bin in Window...

Forensafe

16/08/2024 Friday Here WeGo is a web-based mapping and satellite navigation software operated by HERE Technologies, accessible on both web and mobile platforms. It utilizes HERE's location data platform, offering local data that includes satellite views, traffic information, and various location services. Digital Forensics Value of Android Here WeGo In the realm of mobile forensics, GPS and location artifacts are critical components of an investigation. Consequently, the Here WeGo application po...

Kevin Stokes

Oxygen Forensics

Kokab Rasool at Paraben Corporation

Rajendra Prasanth S

Rajendra Prasanth S, Principal Cyber Security Incident Responder | Ransomware researcher | IR - SOPHOS. Published Aug 15, 2024. Understanding File System Tunneling: An In-Depth Look. File system tunneling is a feature that can seem like a minor technical detail, but it plays a significant role in the way files are handled by operating systems like Windows. For most users, this feature operates behind the scenes, ensuring smooth and consistent experiences...

John Brown at SANS

John Brown Up and Running with Siftgrab Siftgrab was developed to assist individuals of any experience level in identifying and correlating forensic artifacts. August 13, 2024 One of the most comprehensive resources for introducing newcomers to Digital Forensics and Incident Response (DFIR) is the SANS Windows Forensic Analysis Poster. Because Microsoft continues to hold the largest operating system market share, it makes sense to start with Windows forensics. It’s also widely acknowledged tha...

System Weakness

Raymond Chen at The Old New Thing

Raymond Chen August 15th, 2024 Some time ago, we learned why the module timestamps in Windows 10 are so nonsensical: Because they aren’t timestamps any more. They are a hash of the resulting binary. But why not invent a new field called, say, UniqueValue for the hash, rather than putting it in the timestamp field? "//t.co/iPc0RdM9vc yes, stupid decision imho; could use a diff. field for that" — Adam (@Hexacorn) February 15, 2024. Well, for one thing, that would be a breaking change. If you take ...