Links only this week!

FORENSIC ANALYSIS

• Port139
  ActivitiesCache.dbとアクティビティ削除(2)

• Cloudy Forensics
  How to run Yara Rules during Incident Response

• Cyber Forensicator
  • Darwin-Collector – collect key files for macOS investigations
  • Windows Phone Physical Imaging Without JTAG and Chip-off

• Cyber Triage
  Using Volatility in Cyber Triage to Analyze Memory

• DFIR Science
  Testing File Systems for Digital Forensic Imaging

• Elcomsoft
  • Demystifying Android Physical Acquisition
  • WhatsApp Business Acquisition Guide
  • iOS 11.4.1 Beta: USB Restricted Mode Has Arrived

• Mark Mckinnon
  Parse The Appx Programs In Autopsy

• Righteous IT
  XFS (Part 4) – Block Directories

• Salt Forensics
  FTK Imager and Custom Content Images

• Salvation Data
  [Case Study] Computer Forensics: How To Forensically Extract Evidence Data From A Virtual Machine

• The Forensicator
  Guccifer 2’s West Coast Fingerprint

• Trail of Bits
  Collect NTFS forensic information with osquery

• Pieces0310
  Another option to bootup evidence files – Pieces0310
  

THREAT INTELLIGENCE/HUNTING

• TCDI
  Four Steps to Effective Cybersecurity Logging

• Endgame
  The ATT&CK Matrix Revolution in Security

• Group IB
  Cobalt Renaissance: new attacks and joint operations

• Hexacorn
  Beyond good ol’ Run key, Part 78

• Javelin Networks
  Why Can’t Credentials Guard Stop Lateral Movement?

• Red Canary
  Breathing Life into Detection Capability: the Creation of Detector #1236
  

UPCOMING WEBINARS/CONFERENCES

• ADF
  Webinar: Solve Internet Crimes Against Children

• VTO
  Upcoming Data Finders Event

• SANS DFIR Summit Prague
  Check out @sansforensics’s Tweet
  

PRESENTATIONS/PODCASTS

• Adrian Crenshaw
  Circle City Con 2018 Videos

• Cyber.Now podcast
  Check out @CyberNowPod’s Tweet

• Digital Detectives
  The FBI’s Access to iPhone Data: Apple Fights Back

• Magnet Forensics
  • Getting Started with Magnet AXIOM Examine – Tagging and Reporting
  • Getting Started with Magnet AXIOM Examine – Views
  • Getting Started with Magnet AXIOM Examine – Search and Filters
  • Getting Started with Magnet AXIOM – File System and Registry
  • Getting Started with Magnet AXIOM Examine – Artifacts
  • Getting Starting with Magnet AXIOM Process – Processing Options and Artifacts
  • Getting Started with Magnet AXIOM Process – Cloud
  • Getting Started with Magnet AXIOM Process – Mobile
  • Getting Started with Magnet AXIOM Process – Computers

• Digital Forensic Survival Podcast
  DFSP # 119 – MFT2CSV

• Sandfly Security
  Christchurch Hacker Con 2017 Linux Forensics Slides

• SANS
  • What’s New with FOR518   Mac and iOS Forensic Analysis & Incident Response
  • Survival Heuristics: My Favorite Techniques for Avoiding Intelligence Traps – SANS CTI Summit 2018

• The Cyber Jungle
  The CyberJungle Episode401

• 11th International Conference on IT Security Incident Management & IT Forensics
  IMF Conference 2018 Program

MALWARE

• Bit Therapy
  Malicious Document Analysis – Macro to Shellcode

• Arbor Networks
  OMG – Mirai Minions are Wicked

• CERT Poland
  Ostap malware analysis (Backswap dropper)

• Flashpoint
  Trickbot and IcedID Botnet Operators Collaborate to Increase Impact

• Intezer
  Iron Cybercrime Group Under The Scope

• Lastline
  APT28 Rollercoaster: The Lowdown on Hijacked LoJack

• Malware Soup
  Tricky CVE-2017-11882 Trick Used to Deliver Trickbot

• Marco Ramilli
  MalHide: an interesting Malware sample

• SANS Internet Storm Centre
  Binary analysis with Radare2, (Fri, Jun 1st)

• Cisco’s Talos
  NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea

• Security Intelligence
  New Banking Trojan MnuBot Discovered by IBM X-Force Research

• TrendLabs
  Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner

• TrustedSec
  Malware Analysis is for the (Cuckoo) Birds – Working with Proxmox
  

MISCELLANEOUS

• Atola
  Running 8 or more tasks on TaskForce

• Bit of Hex
  CyberChef & DFIR

• Blackbag Technologies
  Apple iCloud Production Service

• Didier Stevens
  PDFiD: GoToE and GoToR Detection (“NTLM Credential Theft”)

• Susteen
  Susteen Will Debut New Field Acquisition Device At Techno Security Conference

• Forensic Focus
  Interview With Geoff MacGillivray, VP of Product Management, Magnet Forensics

• Magnet Forensics
  • New Case Study Describes How Magnet ATLAS Tracks Complex Cases
  • How Magnet AXIOM Helps You Develop Your Mobile Forensic Skills

• So Long, and Thanks for All the Fish
  How to install (and run) tcpdump on Android devices

• Mike Sheward
  My New Book: Hands-on Incident Response and Digital Forensics

• Vitaliy Mokosiy
  How we built Atola TaskForce
  

SOFTWARE UPDATES

• Eric Zimmerman
  A fluery of updates!

• Cellebrite
  UFED Cloud Analyzer 7.2 [May 2018]

• Elcomsoft
  ElcomSoft Tool Extracts WhatsApp Business Data

• ExifTool
  ExifTool 10.99

• Netflix-Skunkworks
  Diffy

• Orion Forensics
  Check out @orionforensics’s Tweet

• Oxygen Forensics
  Oxygen Forensic® Detective update offers access to Samsung Secure Folder, enhanced lock screen-bypass, and more
  

And that’s all for Week 22! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!