FORENSIC ANALYSIS Chris Sanders describes “some different packet analysis tool filtering capabilities, some of the filters [he uses] when whittling down PCAPs, and some tricks for applying them effectively” Analyzing Large Capture Files 4: Whittling with Filters The guys at Cyber Forensicator wrote a few articles this week. Oleg Skulkin shared his answer to Dave […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog tests out Erics MFTECmd in examining a file stored in NTFS’s $ EA attribute. MFTECmd と $EA Somehow I missed Mari’s post last week so it’s here this week! Mari’s post covers PowerShell scripts that may be hiding in the registry as their persistence mechanism. Malicious […]

I’m back! Thankfully was able to get the post done today before jetlag set in. I’ll probably do a recap of the trip this week if I get a chance to jot down some thoughts. Overall it was fantastic and I had a great time, but it’s good to get home; 4 weeks away is […]

  Another week of links only; I’m going to try get back to scheduled programming next week but that may be tough. Will do my best 🙂 FORENSIC ANALYSIS Port139 ActivitiesCache.dbとアクティビティ削除(3) Arsenal Consulting Quick Look Cache Parsing Arsenal Quick Look Cache Parsing Collecting Quick Look Data From a Live macOS System Cyber Forensicator TrueCrypt Container […]

Links only this week! FORENSIC ANALYSIS Port139 ActivitiesCache.dbとアクティビティ削除(2) Cloudy Forensics How to run Yara Rules during Incident Response Cyber Forensicator Darwin-Collector – collect key files for macOS investigations Windows Phone Physical Imaging Without JTAG and Chip-off Cyber Triage Using Volatility in Cyber Triage to Analyze Memory DFIR Science Testing File Systems for Digital Forensic Imaging […]