FORENSIC ANALYSIS Chris Sanders has released a new online course for using ELK for Security Analysis. New Online Course: ELK for Security Analysis The guys at Cyber Forensicator shared a post by Quentin Jerome at RawSec on carving EVTX files. Carving EVTX Devon Ackerman at AboutDFIR investigates the connection between whoer.net and https://mc.yandex.ru/metrika/watch.js seen in […]

FORENSIC ANALYSIS Arsenal Consulting have shared details “about a forged digital forensics report we received during the Odatv trial in Turkey. The report is particularly interesting to us because the report was on our letterhead, with my signature, but we had nothing to do with it or the “case” it related to.” Forged Digital Forensics […]

Long one this week…so took me a bit longer than usual, but at least here it is! FORENSIC ANALYSIS Paula Januszkiewicz at CQURE shows how to extract hashes from SQL server Understand how to extract hashes from SQL server logins before you regret The guys at Cyber Forensicator shared a few posts this week They […]

Aaaaaaaaand we’re back 😀 I am considering going back and fixing up the last two posts, but that depends on both a) interest by readers and b) my time FORENSIC ANALYSIS There were a couple of posts by the guys at Amped Software David Spreadborough shows how to use Amped Five to collaborate in a […]

Another week of links only; hoping to return to scheduled programming next week but depends on how I go with the travel/jet lag. Spent the last few days with some awesome people at the SAN DFIR Summit; learnt a lot, met a lot of people, and overall had a great time. Unfortunately didn’t win the […]

Taking a break this week (and probably next week too) so no summaries, just links 🙂 FORENSIC ANALYSIS Amped Software Understanding how online services change images Articles Turning the Investigations Dial Toward Practice Over Theory Atola Technology Creating a logical image of a source drive Between Two DFIRns CyberChef: Example DFIR Use Cases Compass Security […]

FORENSIC ANALYSIS The guys at Cyber Forensicator had a couple of posts this week They shared a paper by Baljit Singh, Dmitry Evtyushkin, Jesse Elwell, Ryan Riley, and Iliano Cervesato titled “On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters” from the 2017 ACM on Asia Conference on Computer and Communications Security. On the […]