Week 48 – 2017

FORENSIC ANALYSIS

THREAT INTELLIGENCE/HUNTING

UPCOMING WEBINARS/CONFERENCES

  • Tayfun Uzun at Magnet Forensics will be presenting a webinar on Wednesday, December 13, 2017 at 1:00PM Eastern Time regarding the “importance of smart, simplified collaboration and how to avoid pitfalls when working with several and varied stakeholders.”
    Sharing is Caring: Empowering the Whole Team to Collaborate

  • Matt Aubert at Cisco announced a webinar titled “Dissecting a Breach: An Incident Responder’s Perspective.” The webinar will take place on December 5, 2017 at 1PM ET | 10AM PT. The post also describes the incident response process.
    Dissecting a Breach: The Process of Incident Response

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

SOFTWARE UPDATES

  • “Mobilyze 2017 R1.1 is now available with new features and improvements that support the latest phones and operating systems, including iPhone 8 and devices running iOS 11, or Android 8.0 (Oreo).”
    Mobilyze 2017 R1.1 is now available

  • “PyInstaller Extractor has been updated to v1.9. The features of this release includes support for Pyinstaller 3.3 [and] display the scripts which are run at entry point”
    Pyinstaller Extractor updated to v1.9

  • Didier Stevens updated his pdfid tool to v0.2.3, adding a -n option to hide “output for names with a count of zero”.
    Update: pdfid.py Version 0.2.3

  • Elcomsoft Phone Breaker 8.1 was released, which allows investigators to utilise the Anisette data on a suspect computer to bypass 2FA. Oleg Afonin explains the process in this article.
    Target: Apple Two-Factor Authentication

  • Evimetry 3.0.5 was released with some fixes and improvements.
    Release 3.0.5

  • Paraben have updated their E3 platform to version 1.5. They “are also offering a unique come back program until Dec 31, 2017 where prior lapsed customers can bring their license current for a small fee”.
    Paraben Releases Version 1.5 Of The E3 Platform With New iOS 11 And Chrome

  • GetData updated Forensic Explorer to version 4.1.0.6746 with a variety of new enhancements and features. The main improvement is the new Artifacts Module, which I’ve heard about from the developers but I haven’t had a chance to see yet.
    Version 4 – Major Release – 29 November 2017 – v4.1.0.6746

  • Griffeye has released Analyze Di Pro, “an advanced investigation tool, used to process, analyze, visualize and manage large volumes of images and video”
    Launch of Analyze Di Pro – Advanced Integrated Workflow

  • IDA 7.0sp1 was released with a significant number of bug fixes.
    IDA: What’s new in 7.0sp1

  • MobilEdit Forensic Express 5.0 has been released with new features including an improved update mechanism, “Photo Recognizer”, and “Language customization and localization of reports”.
    Forensic Express 5.0 Released

  • Maxim Suhanov has updated his registry parsing utility, YARP, to version 1.0.3.
    1.0.3

  • Nader Shalabi at No-Secure-Code has released Sysmon View v1.4. The update adds WMI event importing (including some additional ‘views’), as well as no longer encrypting the SQLite database used to store imported events.
    Sysmon View 1.4 released!

  • Oxygen Forensic Detective was updated to version 10.0.1, improving data collection from the WhatsApp server, and “also allows selecting a time period for data export and improves video files detection”.
    Oxygen Forensic® Detective extracts extended information from WhatsApp server

  • Radare2 was updated to v2.1.0. “This release brings better support for Windows debugging, radare2 filesystem, file format improvements and massive speedup of the interface. Moreover, you can find better working search commands and various bug fixes.”
    Codename “onhold”

  • IsoBuster 4.1 Beta was released, improving reporting and file export, as well as improved file system support and bug fixes.
    IsoBuster 4.1 Beta released

  • X-Ways Forensics 19.5 was officially released and then updated to SR-1. The update includes minor improvements and bug fixes.
    X-Ways Forensics 19.5 SR-1

And that’s all for Week 48! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!
