Another week of links only; hoping to return to scheduled programming next week, but it depends on how I go with the travel/jet lag. Spent the last few days with some awesome people at the SANS DFIR Summit; learnt a lot, met a lot of people, and overall had a great time. Unfortunately didn’t win the 4Cast Blog of the Year award, but thank you to everyone who voted, and also to those that came up and said that they read my work. It’s very much appreciated.
FORENSIC ANALYSIS
Digital Forensics Corp
- Electronic Evidence where to find in Files
ElcomSoft blog
- Fetching Call Logs, Browsing History and Location Data from Microsoft Accounts
Forense nella Nebbia
- Virtualizing a raw image of an Apple OS X system
Forensic Focus
- Remote Forensics Of Windows 10 Mobile Devices
Mark McKinnon
- MacOSX Recents Plugin
SANS Internet Storm Center
- Windows Error Reporting: DFIR Benefits and Privacy Concerns, (Tue, Jun 20th)
Thoughts, Ramblings and Mediocre Ideas
- Beginner’s Guide to the Forensics Lifestyle
THREAT INTELLIGENCE/HUNTING
Carbon Black
- Threat Hunting: The Thrill of the Hunt
Cyber Security
- A Lustrum of Malware Network Communication: Evolution and Insights
UPCOMING WEBINARS
AAFS
- The AAFS Conference Submission Deadline is the 1st August 17
Magnet Forensics Inc.
- Webinar: Taking a bite out of Android’s tasty new versions
SANS
- DFIR Prague 2017 Call for Presentations Now Open
PRESENTATIONS/PODCASTS
IronGeek
- BSides Cleveland 2017
Digital Forensic Survival Podcast
- DFSP # 070 – Notepad++
Dimitris Margaritis
- Detect the undetectable with Sysinternals Sysmon and Powershell logs
MalwareAnalysisForHedgehogs – YouTube
- Malware Analysis – Encryption Algorithm of Alpha Ransomware (Pt. 2)
Paul’s Security Weekly
- Eric Conrad, SANS – Paul’s Security Weekly #519
SANS
- DFIR Summit & Training 2017 (June 2017) Presentations
Stefan Le Berre
- NTFS: Forensics, malwares and vulnerabilities
SUMURI Forensics
- Does a Forensic Workstation’s Case Really Matter? – TALINO Talk – Episode 5
MALWARE
4n6ir
- Fileless Application Whitelist Bypass and Powershell Obfuscation
Check Point Blog
- May’s Most Wanted Malware: Fireball and Wannacry Impact More Than 1 in 4 Organizations Globally
Cylance Blog
- Threat Spotlight: EternalBlue Exploit Breeds EternalRocks Malware
hackers-arise
- Reverse Engineering Malware, Part 3: IDA Pro Introduction
Hasherezade’s 1001 nights
- Solving the Shabak’s Airplane challenge – Tasks 1 and 2
McAfee Labs – McAfee Blogs
- ‘McAfee Labs Threats Report’ Explores Malware Evasion Techniques, Digital Steganography, Password-Stealer Fareit
Palo Alto Networks Blog
- The New and Improved macOS Backdoor from OceanLotus
SANS Internet Storm Center
- Obfuscating without XOR, (Thu, Jun 22nd)
Security Affairs
- Cisco Talos releases the BASS open source malware signature generator
Threat Research Blog
- Remote Symbol Resolution
Virus Bulletin’s blog
- Research paper shows it may be possible to distinguish malware traffic using TLS
VMRay
- 404 Error Page Hides RAMNIT.A Worm in the Source Code
MISCELLANEOUS
AboutDFIR
- SANS DFIR Summit 2017 Wrapup
AGP
- Artifact Genome Project
Atola Technology
- Calculating MD5 and SHA1 hashes of an existing E01 file
Black Hills Information Security
Chris Sanders
- The Cult of Passion
David Kovar
- Launching KovarLLC
Digital Forensics Corp
- Why Mobile Chats Are My First Source of Information for Investigations
DPM Forensics
- Repairing Hard Drive Logic Boards
Forensic Focus
Magnet Forensics Inc.
Mobile & Technology Exploration
- Universal Network Investigations
Sqrrl Blog
- Threat Hunter Profile – Keith Gilbert
- Cyber Incident Investigation Training: Reducing Evidence Abstraction
The Keyword
- Digital security and due process: A new legal framework for the cloud era
TrewMTE – Mobile & Technology Exploration
- Mobile Forensic Metamodel
SOFTWARE UPDATES
Amped Blog
- Amped Authenticate Update 9446: CameraForensics Integration, New Quantization Tables Database and Much More
Cellebrite
- UFED Physical Analyzer, UFED Logical Analyzer and UFED Reader Version 6.2.5
Digital Detective
- NetAnalysis® v2.6 and HstEx® v4.6 Released
EasyMetaData
- MetaDiver 3.1.2 released
ElcomSoft blog
- Elcomsoft Phone Breaker Offers Over-the-Air Windows 10 Acquisition
ExifTool Updates
- ExifTool 10.57
GetData
- Forensic Explorer v3.9.8.6558 Released
Hal Pomeranz
- AnalyzeEXT Released
Kahu Security
- ConverterNET v0.1 Released
Magnet Forensics Inc.
- Flash Recovery Images to More Than 650 Samsung Devices with Magnet AXIOM
Matt Seyer
- Updated rustlang dfir parsers with JP query!
MISP – a threat information sharing platform
- MISP 2.4.76 released
Music Security and Technology
- AChoir – Version 1.0 Released
NSA
- NSA Released some tools on Github
Paraben Corp
- E3 1.3 is now available!
Passware
- New In Passware Kit 2017 v3
Woanware
- Volatility Runner v0.0.1 Released
David Pany
- CDPO Released
And that’s all for Week 25! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!