FORENSIC ANALYSIS Glenn Edwards Jr at Hidden Illusion has a post on enumerating prefetch filename hashes to brute force the original path of an executable. He also lists various use-cases where this may be helpful. Go Prefetch Yourself Jim Hoerricks at Amped Software discusses when someone should seize a DVR and provides some resources for […]

FORENSIC ANALYSIS Adam Harrison has started a new blog, 1234n6, and wrote a couple of articles regarding the analysis of volumes with data deduplication enabled. The “first post serves as an introduction to Data Deduplication and speaks to how to identify whether a system or disk image has Data Deduplication enabled” Windows Server Data Dedupliction and […]

FORENSIC ANALYSIS The guys at Cyber Forensicator shared an article by Timothy Opsitnick, Joseph Anguilano and Trevor Tucker on how computer forensics can be used to assist to investigate employee data theft. Using Computer Forensics to Investigate Employee Data Theft There were a couple of posts on Elcomsoft’s blog this week Olga Koksharova at Elcomsoft […]

FORENSIC ANALYSIS There were a few posts on Cyber Forensicator this week They shared a paper by Andrew Case, Arghya Kusum Das, Seung-Jong Park, J. (Ram) Ramanujam and Golden G.Richard III from DFRWS US 2017 titled “Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks” Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks They […]

FORENSIC ANALYSIS Brett Shavers wrote a few articles this week The first post discusses the various aspects of a photograph that can be used to place the suspect at the scene of the crime. This includes the content, combining the various elements of data stored in metadata with your knowledge of the case, as well […]

FORENSIC ANALYSIS The guys at Digital Forensics Corp shared a couple of articles of interest this week They shared an article on idownloadblog about the recent Apple Watch jailbreak released at DC25. Apple Watch jailbreaking They shared an article on Infosec Addicts on performing an Android acquisition. How to do Physical Acquisition in Android Forensics […]

I keep forgetting to mention, if people want to be notified when these posts come out then there’s a place to enter an email address on the left-hand side. I do get to see your email, but I’m not going to be doing anything with the information if that was a concern. Alternatively, there’s RSS […]

FORENSIC ANALYSIS Chris Sanders has released a new online course for using ELK for Security Analysis. New Online Course: ELK for Security Analysis The guys at Cyber Forensicator shared a post by Quentin Jerome at RawSec on carving EVTX files. Carving EVTX Devon Ackerman at AboutDFIR investigates the connection between whoer.net and https://mc.yandex.ru/metrika/watch.js seen in […]

FORENSIC ANALYSIS Arsenal Consulting have shared details “about a forged digital forensics report we received during the Odatv trial in Turkey. The report is particularly interesting to us because the report was on our letterhead, with my signature, but we had nothing to do with it or the “case” it related to.” Forged Digital Forensics […]

Long one this week…so took me a bit longer than usual, but at least here it is! FORENSIC ANALYSIS Paula Januszkiewicz at CQURE shows how to extract hashes from SQL server Understand how to extract hashes from SQL server logins before you regret The guys at Cyber Forensicator shared a few posts this week They […]