Links only this week! On the way home back from Vegas after an exciting few days of DFIR (and FIFA)

FORENSIC ANALYSIS

• @port139
  Jumplist and Clear File Explorer history

• Archer Forensics
  Dissecting Official Reddit App, What Your Tools Don’t Tell You

• DF Challenge
  Digital Forensic Challenge

• DME Forensics
  10 Tips for a Nonworking DVR

• Dave Cowen
  • Daily Blog #443: Solution Saturday 8/4/18
  • Daily Blog #444: Sunday Funday 8/5/18
  • Daily Blog #445: F-Response and the Cloud
  • Daily Blog #446: Sparse image blues
  • Daily Blog #447 Defcon 2018 Forensic CTF
  • Daily Blog #448: Defcon DFIR CTF update
  • Daily Blog #449: Solution Saturday
  • Daily Blog #450: Sunday Funday 8/12/18

• Matteo Redaelli
  imago-forensics

• Mac4n6
  Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage

• SalvationData
  [Case Study] Mobile Forensics: Downgrade Extraction – Collect App Data without Root
  

THREAT INTELLIGENCE/HUNTING

• Burnham Forensics
  • The Journey Begins
  • Introduction to ELK

• Cofense
  Abusing Microsoft Windows Utilities to Deliver Malware for Fun and Profit

• Countercept
  Detecting Malicious Use of .NET – Part 1

• Endurant
  Intuitive Detections Research With Graph Analytics and Neo4J

• Deriving Cyber Threat Intelligence and Threat Hunting
  Hunting for malicious DCSync operations

• Risk, Failure, Survival
  2018 Security Operations SOC Summit wrap up

• SandmaxPrime
  MalDoc Analysis – Dosfuscation

• SANS Internet Storm Centre
  Hunting SSL/TLS clients using JA3, (Fri, Aug 10th)

• The Citizen Lab
  Familiar Feeling: A Malware Campaign Targeting the Tibetan Diaspora Resurfaces

• FireEye
  BIOS Boots What? Finding Evil in Boot Code at Scale!
  

UPCOMING WEBINARS/CONFERENCES

• Griffeye
  Webinar-18-08

• Virus Bulletin
  VB announces Threat Intelligence Summit to take place during VB2018
  

PRESENTATIONS/PODCASTS

• BSides Rochester 2018
  IoT 4n6: The Growing Impact of the Internet of Things on Digital Forensics

• Digital Forensic Survival Podcast
  DFSP # 129 – Excel Fu for Frequency Analysis

• Auptyk
  Recover SQLite Freeblock Data With Python
  

MALWARE

• Cyberbit
  BackSwap Banker Malware Hides Inside Replicas of Legitimate Programs

• Fox-IT
  Bokbot: The (re)birth of a banker

• Intezer
  Examining Code Reuse Reveals Undiscovered Links Among North Korea’s Malware Families

• Kahu Security
  • Deobfuscating the Latest Maldocs
  • Introducing Reneo

• Malware Analysis: The Final Frontier
  IRIS-H: Alpha is dead! Long live Beta.

• Palo Alto Networks
  DarkHydrus Uses Phishery to Harvest Credentials in the Middle East

• SANS Internet Storm Centre Handler Diaries
  • Numeric obfuscation: another example, (Mon, Aug 6th)
  • Video: Maldoc analysis with standard Linux tools, (Sun, Aug 5th)
  • Peeking into msg files – revisited, (Sat, Aug 11th)

• Sebdraven
  Lammers, stealers and RATs: same technics like Formbook malware to install JRAT and HawkEye…

• Stillztech
  Basic Static Analysis (Part 1)

• The PhishLabs
  BankBot Anubis Still a Threat, Gets Upgrade

• Vitali Kremez
  Let’s Learn: In-Depth into the Latest “Ramnit” Banker Malware via “sLoad” PowerShell

• VMRay
  Forgotten MS Office Features Used to Deliver Malware
  

MISCELLANEOUS

• AceLab
  The new versions of PC-3000 Express/UDMA-E/Portable Ver. 6.5.14, Data Extractor Ver. 5.8.5, Data Extractor RAID Edition Ver. 5.8.5, PC-3000 SSD Ver. 2.6.5 are available now!

• BriMor Labs
  Live Response Collection Development Roadmap for 2018

• DFIR.Training
  Anti-Forensic/Counter-Forensic Tools and thensome

• Digital Detective
  Understanding Big and Little Endian Byte Order

• Div Ops
  Attribution

• Elcomsoft
  Android Pie Lockdown Option: a Match for iOS SOS Mode?

• EWeek
  DFLabs to Release Free Live Forensics Tool at Black Hat

• Forensic Focus
  Have Your Say In The House Of Lords’ Select Committee On Science And Technology

• Griffeye
  Reducing the Mental Stress of Investigators

• Hexacorn
  Splunk Queries – syntax highlighting (a wordfile for Ultraedit)

• Magnet Forensics
  • Identify – and Help Out – Great Digital Forensics Candidates in Your Agency
  • Catching Up with the Magnet User Summit CTF Winners
  • Meet Magnet Forensics’ Training Team: Patrick Beaver

• Salt Forensics
  Notifiable Data Breach Statistics

• Scar de Courcier
  A couple of interviews
  

SOFTWARE UPDATES

• Arsenal Consulting
  HiveRecon and HbinRecon Launched

• Atola
  Atola TaskForce 2018.1.3 – Accessing password-protected servers

• CDQR
  CDQR 4.1.7

• TSK/Autopsy
  The Sleuth Kit 4.6.2 and Autopsy 4.8.0 released

• Eric Zimmerman
  PECmd

• Evimetry
  Release 3.0.10

• MISP
  MISP 2.4.94 released (aka summer improvements)

• MobilEdit
  Forensic Express 5.5 Released!

• Oxygen Forensic
  Oxygen Forensic Detective 10.4

• Skadi
  • 2018.3 Update
  • Skadi 2018.3 Updates
  • Added Skadi Portable ISO

• Radare2
  r2-2.8 – codename OliveDealer

• Sanderson Forensics
  New release 3.2.15

• YARA
  YARA 3.8.0

And that’s all for Week 32! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

As always, thanks to everyone for their support!