Links only this week! On the way home from Vegas after an exciting few days of DFIR (and FIFA).
FORENSIC ANALYSIS
- @port139: Jumplist and Clear File Explorer history
- Archer Forensics: Dissecting Official Reddit App, What Your Tools Don’t Tell You
- DF Challenge: Digital Forensic Challenge
- DME Forensics: 10 Tips for a Nonworking DVR
- Dave Cowen:
  - Daily Blog #443: Solution Saturday 8/4/18
  - Daily Blog #444: Sunday Funday 8/5/18
  - Daily Blog #445: F-Response and the Cloud
  - Daily Blog #446: Sparse image blues
  - Daily Blog #447: Defcon 2018 Forensic CTF
  - Daily Blog #448: Defcon DFIR CTF update
  - Daily Blog #449: Solution Saturday
  - Daily Blog #450: Sunday Funday 8/12/18
- Matteo Redaelli: imago-forensics
- Mac4n6: Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage
- SalvationData: [Case Study] Mobile Forensics: Downgrade Extraction – Collect App Data without Root
THREAT INTELLIGENCE/HUNTING
- Burnham Forensics
- Cofense: Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit
- Countercept: Detecting Malicious Use of .NET – Part 1
- Endurant: Intuitive Detections Research With Graph Analytics and Neo4J
- Deriving Cyber Threat Intelligence and Threat Hunting: Hunting for malicious DCSync operations
- Risk, Failure, Survival: 2018 Security Operations SOC Summit wrap up
- SandmaxPrime: MalDoc Analysis – Dosfuscation
- SANS Internet Storm Centre: Hunting SSL/TLS clients using JA3, (Fri, Aug 10th)
- The Citizen Lab: Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces
- FireEye: BIOS Boots What? Finding Evil in Boot Code at Scale!
UPCOMING WEBINARS/CONFERENCES
- Griffeye: Webinar-18-08
- Virus Bulletin: VB announces Threat Intelligence Summit to take place during VB2018
PRESENTATIONS/PODCASTS
- BSides Rochester 2018: IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics
- Digital Forensic Survival Podcast: DFSP # 129 – Excel Fu for Frequency Analysis
- Auptyk: Recover SQLite Freeblock Data With Python
MALWARE
- Cyberbit: BackSwap Banker Malware Hides Inside Replicas of Legitimate Programs
- Fox-IT: Bokbot: The (re)birth of a banker
- Intezer: Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families
- Kahu Security
- Malware Analysis: The Final Frontier: IRIS-H: Alpha is dead! Long live Beta.
- Palo Alto Networks: DarkHydrus Uses Phishery to Harvest Credentials in the Middle East
- SANS Internet Storm Centre Handler Diaries
- Sebdraven: Lammers, stealers and RATs: same technics like Formbook malware to install JRAT and HawkEye…
- Stillztech: Basic Static Analysis (Part 1)
- The PhishLabs: BankBot Anubis Still a Threat, Gets Upgrade
- Vitali Kremez: Let’s Learn: In-Depth into the Latest “Ramnit” Banker Malware via “sLoad” PowerShell
- VMRay: Forgotten MS Office Features Used to Deliver Malware
MISCELLANEOUS
- AceLab: The new versions of PC-3000 Express/UDMA-E/Portable Ver. 6.5.14, Data Extractor Ver. 5.8.5, Data Extractor RAID Edition Ver. 5.8.5, PC-3000 SSD Ver. 2.6.5 are available now!
- BriMor Labs: Live Response Collection Development Roadmap for 2018
- DFIR.Training: Anti-Forensic/Counter-Forensic Tools and then some
- Digital Detective: Understanding Big and Little Endian Byte Order
- Div Ops: Attribution
- Elcomsoft: Android Pie Lockdown Option: a Match for iOS SOS Mode?
- EWeek: DFLabs to Release Free Live Forensics Tool at Black Hat
- Forensic Focus: Have Your Say In The House Of Lords’ Select Committee On Science And Technology
- Griffeye: Reducing the Mental Stress of Investigators
- Hexacorn: Splunk Queries – syntax highlighting (a wordfile for Ultraedit)
- Magnet Forensics
- Salt Forensics: Notifiable Data Breach Statistics
- Scar de Courcier: A couple of interviews
SOFTWARE UPDATES
- Arsenal Consulting: HiveRecon and HbinRecon Launched
- Atola: Atola TaskForce 2018.1.3 – Accessing password-protected servers
- CDQR: CDQR 4.1.7
- TSK/Autopsy: The Sleuth Kit 4.6.2 and Autopsy 4.8.0 released
- Eric Zimmerman: PECmd
- Evimetry: Release 3.0.10
- MISP: MISP 2.4.94 released (aka summer improvements)
- MobilEdit: Forensic Express 5.5 Released!
- Oxygen Forensic: Oxygen Forensic Detective 10.4
- Skadi
- Radare2: r2-2.8 – codename OliveDealer
- Sanderson Forensics: New release 3.2.15
- YARA: YARA 3.8.0
And that’s all for Week 32! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!
As always, thanks to everyone for their support!