Week 32 – 2017

FORENSIC ANALYSIS: Brett Shavers wrote a few articles this week. The first post discusses the various aspects of a photograph that can be used to place the suspect at the scene of the crime. This includes the content, combining the various elements of data stored in metadata with your knowledge of the case, as well […]

Week 31 – 2017

FORENSIC ANALYSIS: The guys at Digital Forensics Corp shared a couple of articles of interest this week. They shared an article on idownloadblog about the recent Apple Watch jailbreak released at DC25. Apple Watch jailbreaking. They shared an article on Infosec Addicts on performing an Android acquisition. How to do Physical Acquisition in Android Forensics […]

Week 30 – 2017

I keep forgetting to mention, if people want to be notified when these posts come out then there’s a place to enter an email address on the left-hand side. I do get to see your email, but I’m not going to be doing anything with the information if that was a concern. Alternatively, there’s RSS […]

Week 29 – 2017

FORENSIC ANALYSIS: Chris Sanders has released a new online course for using ELK for Security Analysis. New Online Course: ELK for Security Analysis. The guys at Cyber Forensicator shared a post by Quentin Jerome at RawSec on carving EVTX files. Carving EVTX. Devon Ackerman at AboutDFIR investigates the connection between whoer.net and https://mc.yandex.ru/metrika/watch.js seen in […]

Week 28 – 2017

FORENSIC ANALYSIS: Arsenal Consulting have shared details “about a forged digital forensics report we received during the Odatv trial in Turkey. The report is particularly interesting to us because the report was on our letterhead, with my signature, but we had nothing to do with it or the “case” it related to.” Forged Digital Forensics […]

Week 27 – 2017

Long one this week…so took me a bit longer than usual, but at least here it is! FORENSIC ANALYSIS: Paula Januszkiewicz at CQURE shows how to extract hashes from SQL server. Understand how to extract hashes from SQL server logins before you regret. The guys at Cyber Forensicator shared a few posts this week. They […]

Week 26 – 2017

Aaaaaaaaand we’re back 😀 I am considering going back and fixing up the last two posts, but that depends on both a) interest by readers and b) my time. FORENSIC ANALYSIS: There were a couple of posts by the guys at Amped Software. David Spreadborough shows how to use Amped Five to collaborate in a […]

Week 25 – 2017

Another week of links only; hoping to return to scheduled programming next week but depends on how I go with the travel/jet lag. Spent the last few days with some awesome people at the SANS DFIR Summit; learnt a lot, met a lot of people, and overall had a great time. Unfortunately didn’t win the […]

Week 24 – 2017

Taking a break this week (and probably next week too) so no summaries, just links 🙂 FORENSIC ANALYSIS Amped Software Understanding how online services change images Articles Turning the Investigations Dial Toward Practice Over Theory Atola Technology Creating a logical image of a source drive Between Two DFIRns CyberChef: Example DFIR Use Cases Compass Security […]

Week 23 – 2017

FORENSIC ANALYSIS: The guys at Cyber Forensicator had a couple of posts this week. They shared a paper by Baljit Singh, Dmitry Evtyushkin, Jesse Elwell, Ryan Riley, and Iliano Cervesato titled “On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters” from the 2017 ACM on Asia Conference on Computer and Communications Security. On the […]