Week 28 – 2018

FORENSIC ANALYSIS Adam Harrison at 1234n6 shares his answer to the recent Sunday Funday challenge regarding o365 logging. Adam’s solution also won him the challenge Investigating Office365 Account Compromise without the Activities API Brian Gerdon at Arsenal Recon walks through his process for cracking the password of a Windows XP domain account. An Adventure in […]

Week 27 – 2018

I’ve decided to formalise the support page for the project, which can now be accessed from the top menu. I figured that it would be a good idea to put it all in the one place. I’m still holding out from the advertising model, although I think that’s more of a personal preference more than […]

This Month In 4n6 – June – 2018

A monthly wrap-up of the DFIR news for June 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. Alternatively, it would be great if you could leave an iTunes review. If you are a Patreon donor the show notes can be found here. Special thanks to […]

Week 26 – 2018

FORENSIC ANALYSIS Chris Sanders describes “some different packet analysis tool filtering capabilities, some of the filters [he uses] when whittling down PCAPs, and some tricks for applying them effectively” Analyzing Large Capture Files 4: Whittling with Filters The guys at Cyber Forensicator wrote a few articles this week. Oleg Skulkin shared his answer to Dave […]

Week 25 – 2018

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog tests out Erics MFTECmd in examining a file stored in NTFS’s $ EA attribute. MFTECmd と $EA Somehow I missed Mari’s post last week so it’s here this week! Mari’s post covers PowerShell scripts that may be hiding in the registry as their persistence mechanism. Malicious […]

Week 24 – 2018

I’m back! Thankfully was able to get the post done today before jetlag set in. I’ll probably do a recap of the trip this week if I get a chance to jot down some thoughts. Overall it was fantastic and I had a great time, but it’s good to get home; 4 weeks away is […]

Week 23 – 2018

  Another week of links only; I’m going to try get back to scheduled programming next week but that may be tough. Will do my best 🙂 FORENSIC ANALYSIS Port139 ActivitiesCache.dbとアクティビティ削除(3) Arsenal Consulting Quick Look Cache Parsing Arsenal Quick Look Cache Parsing Collecting Quick Look Data From a Live macOS System Cyber Forensicator TrueCrypt Container […]