Week 47 – 2018







  • Brett Shavers posted a few times on his blogs
    • Brett comments on there sometimes being a need for attribution in IR cases. The case mentioned was originally thought to be external, but quickly was identified as being an inside threat case.
      Don’t totally discount attribution in Incident Response work
    • And shares his thoughts on dealing with the ransom component of ransomware
      On ransomware, my advice is different from that other guy’s advice.
    • Brett has put out the call for advertisers on DFIR Training to help pay for the upkeep of the site. The Patreon will continue, but that looks like it’ll get you a much better deal on Brett’s training courses than buying them individually.
      Advertising on DFIR Training? Seriously?
    • Lastly, Brett discusses the basic skills that are important to DFIR professionals and points out that many vendors aren’t necessarily responsible for covering the basics, which is why many courses assume that as prerequisite knowledge
      Wax on. Wax off.

  • There were a number of posts on Forensic Focus this week
  • Magnet Forensics posted a couple of times this week
    • Christa Miller interviewed Alexis Brignoni, who readers would recognise from his almost incessant posting of mobile forensic chat app analysis. Alexis points out something that people who regularly appear on this blog have realised; that “Everybody has something to contribute” and “It doesn’t have to take hours a week, just a few minutes to share what you know so others can build on your work. Even if it is something you believe others know already, share it still. Your way of presenting that knowledge might make a world of difference to someone that has never seen it the way you do.”
      Shared Space for DFIR Contributions: An Interview with Alexis Brignoni
    • Trey Amick advises that the customer portal has been updated to make it easier to download the deltas to upgrade Axiom to the latest version (for offline installs, rather than downloading the entire 2GB install)
      Delta Packs Let You Download AXIOM Updates Quickly

  • Network dumps from RuCTFE 2018 have been uploaded.
    Check out @RuCTFE’s Tweet

  • Howard Oakley at The Eclectic Light Company describes the security features of the new Mac’s with T2 chips. Howard advises that by default the Macs are shipped with encryption and full security enabled, which means no booting from external drives. This will make acquisition of these devices much harder.
    Welcome to your new Mac: living with the T2 chip


And that’s all for Week 47! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

As always, thanks to those who give a little back for their support!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s