Week 35 – 2018

MISCELLANEOUS

  • Bret Peters at ADF explains “search profiles” within the ADF tool, including the pre-built ones and creating custom profiles.
    Digital Forensic Search Profiles

  • Craig Ball at ‘Ball in your Court’ describes the process of drafting digital forensic examination protocols as well as provides some guidance as to why elements have been included.
    Drafting Digital Forensic Examination Protocols

  • Brett Shavers posted a few times this week
  • The guys at Cyber Forensicator shared a link to Anbox, which “is a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.”
    Anbox: Boot a Full Android System on a Regular GNU/Linux System

  • Ken Pryor has returned to blogging! He also did a bit of validation testing of Dave’s Forensic Lunch as well as giving his experience with building a lab in response to Brett’s post
    Life Update, a little Object ID research and More

  • DME Forensics share four ways that examiners may be able to recover DVR evidence: DVR Examiner, using the system itself, recording the footage with a camera, and lastly getting in touch with their technical services team for further assistance.
    Top 4 Ways to Recover DVR Video Evidence

  • Scar at Forensic Focus provided an overview of ICDF2C 2018
    ICDF2C 2018 – New Orleans September 10-12

  • Dave Cowen at the ‘Hacking Exposed Computer Forensics Blog’ continued his daily blogging
    • This week’s Sunday Funday challenge requests a Python script for identifying all files with ObjectIDs on a live Win10 system. I wrote half of it (the bit that enumerated all the files/folders recursively for a given path) but ran out of time to pull the object IDs.
      Daily Blog #464: Sunday Funday 8/26/18
    • Dave also advised that he will be heading over to England to teach FOR500 with Lee Whitfield at the end of the month.
      Daily Blog #465: Coming to London

  • Magnet Forensics posted a couple of times this week
  • Mark Mckinnon lists a variety of Autopsy modules that he has released, and also has a post explaining the Hash images plugin
    New Modules Have Been Released……

  • John Patzakis at X1 shares a case where presenting evidence stored on the “dark web” was essential.
    Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

  • Luis Martinez at Persistent 4n6 shared some thoughts post FOR585, including the tools that he has added to the provided VM and why, verifying tools and results, workflows, as well as some additional resources he’s found useful.
    On the heels of FOR585

  • Terrence D. Williams, in a guest post on ‘Smarter Forensics’, shared his process for how he picks a new skill and puts in the “grunt work” to learn it by setting aside 4 hours a day. I think some formatting was lost in translation though, because the numbering system made me twitch a bit.
    Forensic Grunt Work

  • Tyler Hudak at TrustedSec throws out the idea of performing ’rounds’, similar to the medical industry, in the IR/SOC space. Sharing what we’ve found, and what we’re stuck on, has a net positive effect for all involved. Sometimes you’ll share something that someone else has experience dealing with, or sometimes you’ll share something that helps someone with their problem. By dealing with our problems as individuals we’ll either reinvent the wheel or not invent the wheel at all.
    Making the InfoSec Rounds

And that’s all for Week 35! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!

As always, thanks to everyone for their support!
