4n6 Week 34 – 2024 - FORENSIC ANALYSIS
This entry shows the opening of each article featured in This Week in 4n6 (FourAndSix = Forensics). It was generated and posted automatically so that the articles worth reading can be skimmed quickly. 4n6 itself can be found here.
FORENSIC ANALYSIS
0xdf hacks stuff
Aug 22, 2024. HTB Sherlock: Reaper. Tags: ctf, htb-sherlock, hackthebox, forensics, sherlock-reaper, dfir, ntlm, net-ntlmv2, ntlmrelayx, ntlm-relay, win-event-4624, win-event-5140, pcap, wireshark, llmnr, jq, evtx-dump. Reaper is the investigation of an NTLM relay attack. The attacker works from within the network and answers an LLMNR query with a poisoned response when a victim mistypes the hostname in a share path. This results in the victim authenticating to the attacker, who relays the authentication to another workstation to get access t...
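Detection logic for the relay pattern described above, as an added example (this is not code from the 0xdf write-up). The NTLM AUTHENTICATE message carries the client's own hostname, so the 4624 logged on the host that received the relayed authentication names the victim in WorkstationName, while IpAddress is the machine that actually opened the connection, i.e. the attacker's. The script compares that pair against an asset inventory. The event records are constructed here in the shape of `evtx_dump -o jsonl` output (System and EventData subtrees only), and every hostname, user and address in them is invented.

```python
"""Spot relayed NTLM logons in Windows Security event 4624 records.

Added example, not code from the write-up. Heuristic: WorkstationName in a
4624 comes from the NTLM AUTHENTICATE message (the client's own hostname),
IpAddress from the TCP peer. A relayed exchange makes the two disagree.
"""
import json

# Constructed records in the shape of `evtx_dump -o jsonl Security.evtx`
# (System and EventData subtrees only; real records carry more fields).
# Hosts, users and addresses are invented for this example.
SAMPLE_JSONL = r"""
{"Event":{"System":{"EventID":4624,"Computer":"FS01.corp.local","TimeCreated_attributes":{"SystemTime":"2024-08-22T09:00:01Z"}},"EventData":{"TargetUserName":"alice","TargetDomainName":"CORP","LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V2","WorkstationName":"WS01","IpAddress":"10.10.0.21","IpPort":"49712"}}}
{"Event":{"System":{"EventID":4624,"Computer":"WS03.corp.local","TimeCreated_attributes":{"SystemTime":"2024-08-22T09:02:14Z"}},"EventData":{"TargetUserName":"bob","TargetDomainName":"CORP","LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V2","WorkstationName":"WS02","IpAddress":"10.10.0.99","IpPort":"52044"}}}
{"Event":{"System":{"EventID":4624,"Computer":"FS01.corp.local","TimeCreated_attributes":{"SystemTime":"2024-08-22T09:03:30Z"}},"EventData":{"TargetUserName":"carol","TargetDomainName":"CORP","LogonType":3,"AuthenticationPackageName":"Kerberos","LmPackageName":"-","WorkstationName":"-","IpAddress":"10.10.0.23","IpPort":"50120"}}}
{"Event":{"System":{"EventID":4624,"Computer":"WS02.corp.local","TimeCreated_attributes":{"SystemTime":"2024-08-22T09:04:00Z"}},"EventData":{"TargetUserName":"bob","TargetDomainName":"CORP","LogonType":2,"AuthenticationPackageName":"Negotiate","LmPackageName":"-","WorkstationName":"WS02","IpAddress":"-","IpPort":"-"}}}
{"Event":{"System":{"EventID":4624,"Computer":"WS03.corp.local","TimeCreated_attributes":{"SystemTime":"2024-08-22T09:05:45Z"}},"EventData":{"TargetUserName":"bob","TargetDomainName":"CORP","LogonType":3,"AuthenticationPackageName":"NTLM","LmPackageName":"NTLM V2","WorkstationName":"KALI","IpAddress":"10.10.0.99","IpPort":"52050"}}}
"""

# Constructed asset inventory: NetBIOS name -> addresses the host is known to use.
INVENTORY = {
    "WS01": {"10.10.0.21"},
    "WS02": {"10.10.0.22"},
    "WS03": {"10.10.0.23"},
    "FS01": {"10.10.0.5"},
}


def load_events(jsonl: str) -> list[dict]:
    """Parse JSON Lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def event_id(event: dict) -> int:
    """EventID is a bare int for 4624; some events wrap it as {"#text": n}."""
    eid = event["Event"]["System"]["EventID"]
    return int(eid["#text"]) if isinstance(eid, dict) else int(eid)


def is_ntlm_network_logon(event: dict) -> bool:
    """4624 with LogonType 3 (network) and NTLM as the authentication package."""
    data = event["Event"]["EventData"]
    return (event_id(event) == 4624
            and str(data.get("LogonType")) == "3"
            and str(data.get("AuthenticationPackageName", "")).upper() == "NTLM")


def suspicious_relays(events: list[dict], inventory: dict[str, set[str]]) -> list[dict]:
    """Return NTLM network logons whose WorkstationName/IpAddress pair does not
    match the inventory. Local logons (IpAddress "-" or loopback) and records
    without a workstation name are skipped: there is nothing to compare."""
    findings = []
    for ev in events:
        if not is_ntlm_network_logon(ev):
            continue
        data = ev["Event"]["EventData"]
        workstation = str(data.get("WorkstationName", "-")).upper().rstrip("$")
        ip = str(data.get("IpAddress", "-"))
        if workstation in ("", "-") or ip in ("", "-", "127.0.0.1", "::1"):
            continue
        known = inventory.get(workstation)
        if known is None:
            reason = f"workstation {workstation} is not in the inventory"
        elif ip not in known:
            reason = (f"{workstation} is inventoried at {sorted(known)} "
                      f"but the connection came from {ip}")
        else:
            continue  # name and address agree: ordinary NTLM logon
        findings.append({
            "time": ev["Event"]["System"]["TimeCreated_attributes"]["SystemTime"],
            "target_host": ev["Event"]["System"]["Computer"],
            "user": f'{data.get("TargetDomainName", "")}\\{data.get("TargetUserName", "")}',
            "workstation": workstation,
            "ip": ip,
            "lm_package": data.get("LmPackageName", "-"),
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for hit in suspicious_relays(load_events(SAMPLE_JSONL), INVENTORY):
        print(f'{hit["time"]} {hit["target_host"]} {hit["user"]} '
              f'ws={hit["workstation"]} ip={hit["ip"]} ({hit["lm_package"]}): {hit["reason"]}')
```

On the constructed data the second record is the relay itself (victim WS02's credentials arriving from 10.10.0.99 at WS03) and the last one is the attacker's own host authenticating with bob's relayed identity; the Kerberos and interactive logons are ignored. A Negotiate logon that fell back to NTLM is still recorded with AuthenticationPackageName NTLM and LmPackageName NTLM V2, so it is covered. Treat hits as leads rather than verdicts: VPN concentrators, NAT, DHCP churn and multi-homed hosts all produce the same mismatch, so confirm against the 5140 share-access events and the pcap, as the write-up does.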
Cellebrite
Cyber Triage
Digital Forensics Myanmar
eCDFP (Module-6) (Windows Forensics) (Part - 7) August 20, 2024 The Windows Search Indexer has shipped with Windows since Windows Vista so that files, folders, email and programs can be found quickly. On the commonly used client editions of Windows it is enabled by default; on Windows Server it is disabled by default. From Windows Server 2008 through 2022 the way indexing works is the same. Windows Search Inde...
eCDFP (Module-6) (Windows Forensics) (Part - 8) August 21, 2024 Prefetch File Forensics. Since Windows XP, Windows has used Prefetch files to shorten boot time and the time applications and processes take to load, in other words to improve Windows performance. The Windows Cache Manager monitors the applications running from storage during the first 2 minutes of the boot process and the startup applications...
eCDFP (Module-6) (Windows Forensics) (Part - 9) August 23, 2024 Application Compatibility lets old applications, or certain applications, run on newer versions of Windows. AppCompatCache (ShimCache) records every application and script file that becomes visible in Windows Explorer so that it can be run despite compatibility issues. Shim Cache Loc...
Forensafe
23/08/2024 Friday The Adidas Runtastic app is a sports application that offers various features for tracking athletic activities. It helps users monitor their sports and fitness goals, including running sessions and more. According to the application's page on the Google Play Store, over 170 million people use Adidas Running to track more than 90 sports and activities. Digital Forensics Value of Android Adidas Runtastic In mobile forensics, GPS and location artifacts are vital for investigation...
Joshua Hickman at ‘The Binary Hick’
Not All Androids Who Wonder Are Lost. A Look At Android’s Find My Device Network
Katherine Nayan
Android Forensics: APK Downgrades - An Introduction 19 Aug 2024 5 minutes Hello! Welcome to my first post 🫣! Throughout college, I didn’t get to work on personal projects as much as I wanted to but now that I’ve graduated, I get to dive deeper into the world of digital forensics on my own time. This is a personal project that I started around May 2024 and this blog post serves as an introduction to my series: Android Forensics: APK Downgrades. My main motivation for doing this is making sure I c...
Mike at ØSecurity
Mike Aug 21, 2024 • 7 min read Let’s set some background first. Back in Windows XP and prior, the mere existence of AppCompatCache (aka Shimcache) could be used to prove execution. A program wasn’t shimmed unless it was actually executed. This changed in Windows 7, 8, and 8.1 (presumably Vista as well, but nobody used it) where a program could be shimmed due to multiple reasons, such as just viewing it in file explorer. However, there was an additional Insert Flag that, with a specific value, cou...
AbdulRhman Alfaifi at u0041
On Windows 11, Notepad stores a cache of recently opened files. This cache contains valuable information, such as file paths, file contents, and other useful data. In this article, we will examine the structure of the Notepad cache and provide a custom parser to extract this information for forensic investigations. AbdulRhman Alfaifi 18 Aug 2024 Hi 👋, In this blog post, I’ll be exploring a relatively new artifact in Windows 11. This artifact is related to the Notepad application and contains inf...