Another week of links only; the break has been very nice to have.
As always, thanks to those who give a little back for their support!
FORENSIC ANALYSIS
- Dave Cowen at the ‘Hacking Exposed Computer Forensics Blog’
  - Daily Blog #582: Solution Saturday 12/29/18
  - Daily Blog #583: Sunday Funday 12/30/18
  - Daily Blog #584: New Years Eve 2018
  - Daily Blog #585: Happy new year 2019
  - Daily Blog #586: Forensic Lunch Test Kitchen Server 2019 Shimcache Srum Syscache
  - Daily Blog #587: Forensic Lunch Test Kitchen 1/4/19 Server 2019 Amcache
- Alexis Brignoni at ‘Initialization Vectors’
  - Update on identifying installed and uninstalled apps in iOS
- Adam Harrison at 1234n6
- Adam Ferrante
  - Ali Hadi’s Challenge #3 | Solved!
- ForensicZone
  - KAI OS Forensics for Money and Profit
- Maxim Suhanov
  - What writes to the Syscache hive?
- Antonio Sanz at ‘Security Art Work’
  - DEFCON 2018 DFIR CTF – Forensic challenge (Intro + Level 1)
- Joe at Sparky Tech
THREAT INTELLIGENCE/HUNTING
- Tony DeGonia at AlienVault
  - The “Internal” Cyber Kill Chain Model
- Devon at AboutDFIR
  - THREAT HUNTING FOR NON-HUNTERS
- Adam at Hexacorn
- Nextron Systems
  - 50 Shades of YARA
- Lee Holmes at Precision Computing
  - Extracting Activity History from PowerShell Process Dumps
- Robert M. Lee
  - Attribution is not Transitive – Tribune Publishing Cyber Attack as a Case Study
- Mark Nunnikhoven at Trend Micro
  - Incident Response In The Public Eye
PRESENTATIONS/PODCASTS
- Joshua James at DFIR.Science
- Digital Forensic Survival Podcast
  - DFSP #150 – AppLocker Bypass
- SANS
  - Differentiating Evil from Benign in the Normally Abnormal World – SANS Threat Hunting Summit 2018
  - Heather Mahalik “Questions Answered” 1
  - Smartphone Forensics Investigations: iOS Malware – Where to begin
  - Smartphone Forensics Investigations: What if nothing supports Android Pie (v9)
  - Smartphone Forensics Investigations: Why Every Examiner Needs a Test Device?
  - Smartphone Forensics Investigations: An Overview of Third Party App Examination
- This Month In 4n6
  - This Month In 4n6 – December 2018
MALWARE
- Shaun Hurley and James Scalise at CrowdStrike
  - Digging into BokBot’s Core Module
- Eli Salem, Lior Rochberger, and Niv Yona at Cybereason
  - Banking Trojan Delivered By LOLbins: How the Ramnit Trojan spreads via sLoad in a cyberattack
- Marcus Edmondson
- Brian Laskowski at Laskowski-Tech
  - Deobfuscating PHP malware
- Malwarebytes Labs
- SANS Internet Storm Centre Handler Diaries
- Ecular Xu and Grey Guo at Trend Micro
  - Spyware Disguises as Android Applications on Google Play
MISCELLANEOUS
- Bradford Oliver at ADF
  - What’s the best Digital Forensic Training?
- Alexander Jäger
- Yulia Samoteykina at Atola
  - Calculating hash in the course of imaging
- Brett Shavers
- Devon at AboutDFIR
  - Android Nougat Image Available to the DFIR Community
- Joachim Metz
  - DFIR Labs
- Andrew Skatoff
  - Check out @DFIR_TNT’s Tweet
- Andrew Frowen at IntaForensics
  - Lima v2.6 – Capacity Reports (New Feature)
- SalvationData
  - [Case Study] DVR Forensics: An Introduction to H.264 Compression and Digital Video Recorders (DVRs)
- Howard Oakley at The Eclectic Light Company
  - Aliases, hard links, symlinks, and copies in Mojave’s APFS
- Marcos at ‘Un minion curioso’
  - #DFIR: Visualization of timelines with Gource
- Wyatt Roersma
  - Check out @WyattRoersma’s Tweet
- Pieces0310
  - The future of forensics on newer Android phones
SOFTWARE UPDATES
- Didier Stevens
  - New Tool: msoffcrypto-crack.py
- MISP
  - MISP 2.4.100 released (aka happy new year release)
- SalvationData
  - [Software Update] Mobile Forensics: SPF Pro V6.85.28 New Version Release for Better User Experience!
- Skadi
  - Skadi 2019.1
- SOF-ELK
  - Check out @SOF_ELK’s Tweet
And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!