Week 9 – 2019

As always, Thanks to those who give a little back for their support!

FORENSIC ANALYSIS

  • Alexis Brignoni at ‘Initialization Vectors’ has released a new script for pulling out plists found embedded within the iOS KnowledgeC database. I came to Alexis with a problem of automating the extraction of these plists and he delivered in spades.
    iOS Bplist Inception 
  • Howard Oakley at ‘The Eclectic Light Company’ shares a method of recovering a corrupt PDF on MacOS taking advantage of previous versions.
    Recovering a damaged document 
  • Ryan Benson at dfir.blog shares some of the values in the Chrome source that are useful in identifying program/user actions.
    Chrome Values Lookup Tables 

THREAT INTELLIGENCE/HUNTING

UPCOMING WEBINARS/CONFERENCES

PRESENTATIONS/PODCASTS

  • A new episode the ‘Brakeing Down Incident Response’ was released
    Episode 010 

MALWARE

MISCELLANEOUS

  • Jaco at ‘The Swanepoel Method’ documents the processing stage of his ForensicMania showdown; describing the processing options and speeds to complete for the various tools.
    #ForensicMania S01E01 – Processing 
  • Ryan Benson at dfir.blog has created a collapsible indented tree that “lets you explore how the files and databases that make up the browsing history recorded in a Chrome profile have evolved through the versions”
    Chrome Evolution 
  • Dr. Neal Krawetz at ‘The Hacker Factor Blog’ provides an overview of the HEIC format
    HEIC Yeah

SOFTWARE UPDATES

  • Eric Zimmerman updated a large number of his tools, however the biggest rewrite was regarding RECmd’s batch mode to improve speed and accuracy of wildcard searching.
    ChangeLog 
  • ExifTool 11.29 (development) was released with new tags and bug fixes
    ExifTool 11.29 
  • Maxim Suhanov released dfir_ntfs 1.0.0-beta6.
    1.0.0-beta6 

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s