Week 30 – 2018

FORENSIC ANALYSIS

THREAT INTELLIGENCE/HUNTING

UPCOMING WEBINARS/CONFERENCES

  • Chris Vance at Magnet Forensics will be hosting a couple of webinars on using the Grayshift GrayKey along with Magnet Axiom to extract data from iOS 11 devices. The webinar will also “cover the newest issues in dealing with iOS 11-based devices, including passcode issues, the limits of biometrics, pairing certificates, and the newest USB Restricted Mode found in v11.4.1.” The webinars will take place Wednesday, August 1st @ 1:00PM EDT and Thursday, August 2nd @ 9:00AM EDT.
    Unlocking iOS 11’s Gates with GrayKey and Magnet AXIOM

  • There will be a SANS Q&A with Phil Hagen on July 31.
    Check out @sansforensics’s Tweet

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

  • Eric Huber at ‘A Fistful of Dongles’ interviewed Jessica Hyde about her life in the Marines, moving jobs to eventually work at Magnet, her upcoming book on IOT forensics, and sharing/giving back to the community.
    AFoD Blog Interview with Jessica Hyde

  • Tony at Archer Forensics advises that he will be looking into the data stored by the Reddit iOS app.
    Reddit, Lets Talk About It

  • Yulia Samoteykina at Atola shows how to find and edit cases on the Atola TaskForce.
    Finding and editing cases

  • Matt at Bit of Hex continues to look into HTTP/2 traffic.
    Dude! Where’s my HTTP/2?

  • The guys at Cyber Forensicator shared an upcoming book by Chet Hosmer on “incident response methods and techniques when faced with the unprecedented challenge that data hiding and covert communication pose”
    Investigating Data Hiding and Covert Communication

  • Brett Shavers at DFIR.Training expounds the benefits of practising on test images. Something I started doing but got sidetracked from finishing was compiling all of the solutions online to the problems. One of the main problems I would find is that people would write up their solutions on their blogs, but there was no link from the original image back! Something for someone else to do if they’re interested.
    New Digital Corpora Forensic Test Images

  • The guys at Digital Forensics Corp shared a broad overview of the GrayKey device, used to brute force and acquire iOS devices.
    GrafKey Overview

  • Janis Dalins has a post on the Australian Government’s Digital Transformation Agency website about some of his research into utilising deep learning to assist in identifying offensive materials (including child abuse, and extremist content).
    Using data to make investigations safer for AFP staff

  • There were a couple of posts on the Forensic Focus blog this week
  • Cindy Murphy at Gillware Digital Forensics announced that she will be starting a new series of blog posts on her favourite forensic artefacts.
    My Favorite Artifacts, Part 0: What Are Forensic Artifacts?

  • Magnet Forensics posted a couple of times this week
  • Jessica Hyde noticed that several DFIR Best Practices and Guidelines Drafts from SWGDE up for public comment.
    Check out @B1N2H3X’s Tweet

  • Howard Oakley at ‘The Eclectic Light Company’ has released a new MacOS  tool, cmpxat, that will allow you to compare both the data and metadata of two files
    How to check that a file really is a faithful copy

  • Over on my ThinkDFIR page, I put my thoughts down on why you should get into blogging. I’ve put some tips over here too since I guess I have some experience in posting? The TLDR is it’s worth putting your experiences or testing or anything you can out there on your own site. It benefits you in the long run. You can do it anonymously and still get some of the benefits.
    Should I Start A Blog? Yes, the answer is Yes

SOFTWARE UPDATES

And that’s all for Week 30! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

As always, thanks to everyone for their support!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s