Week 10 – 2019

Lee Whitfield has opened up nominations for the Forensic 4cast awards, held during the SANS DFIR Summit. This site has been nominated as blog of the year the last two years running, and it would be greatly appreciated if you could take the time to nominate it again.
Forensic 4:cast Awards 2019 – Nominations are Open

As always, thanks to those who give a little back for their support!

FORENSIC ANALYSIS

THREAT INTELLIGENCE/HUNTING

UPCOMING WEBINARS/CONFERENCES

PRESENTATIONS/PODCASTS

MALWARE

MISCELLANEOUS

SOFTWARE UPDATES

  • AChoir v3.2 was released
    AChoir Release v3.2 
  • Kshitij Kumar and Jai Musunuri at CrowdStrike have released “AutoMacTC, an open-source triage collector utility that helps investigators swiftly gather the relevant data, find answers and then eradicate adversaries from their environments.”
    AutoMacTC: Automating Mac Forensic Triage 
  • CRU updated their WriteBlocking Validation Utility to v2019.03.06, but I couldn’t find any release notes. For those that aren’t aware, you can run this tool against a hard drive connected to any write blocker to see how it fares against direct write and read commands.
    Download CRU’s WriteBlocking Validation Utility 
  • Didier Stevens updated his pdf-parser Python script to version 0.7.1
    Update: pdf-parser.py Version 0.7.1 
  • Eric Zimmerman updated EZViewer, TimelineExplorer and MFTECmd, and released a new version of KAPE with a number of new features.
    ChangeLog 
  • Evimetry 3.2.0 was released with bug fixes and improvements.
    Release 3.2.0 
  • ExifTool 11.31 was released with a number of new tags and bug fixes
    ExifTool 11.31 
  • Magnet Forensics have updated their Axiom Wordlist generator to generate an optimised wordlist of potential iOS passcodes for use with the Graykey device
    Utilizing AXIOM Wordlist Generator to Optimize Handset Lock Code Breaking 
  • Metaspike released Forensic Email Collector v3.7.1.0 with a number of improvements.
    Forensic Email Collector (FEC) Changelog 
  • “A new version of MISP (2.4.103) has been released with significant UI improvements (including a new flexible attribute filtering tool at the event level), many bug fixes and a fix to a security vulnerability (CVE-2019-9482) which was affecting sighting visibility.”
    MISP 2.4.103 released (aka UI improvements) 
  • X-Ways Forensics 19.8 SR-3 was released with some bug fixes
    X-Ways Forensics 19.8

And that’s all for the week! If you think I’ve missed something, or want me to cover something specifically, hit me up through the contact page or on the social pipes!
