Blog

Software

Document management

https://kirjuri.kurittu.org/demo/index.php

https://github.com/AnttiKurittu/kirjuri

https://www.intaforensics.com/lima/

Video forensics

DVR Examiner

Amped FIVE

Elecard

Mobile forensics

UFED 4PC (with CHINEX, UFED Camera Kit)

Cellebrite UFED Touch

Oxygen Forensics DETECTIVE

XRY

Elcomsoft Mobile Forensic Bundle

Cloud forensics

UFED Cloud Analyzer

Oxygen Forensics DETECTIVE

Elcomsoft Cloud eXplorer

Data recovery from mobile devices

Easy Z3x JTAG BOX

Octoplus Box

Samsung anyway S101

Data recovery

PC-3000 Express Professional System (Acelab)

Data Extractor Express (Acelab)

PC-3000 Flash (Acelab)

January 3

Forensics Quickie: Methodology for Identifying Linux ext4 Timestamp Values in debugfs `stat` Command

Data Carving with Foremost

Detecting Tor communications

Cloud Forensics in Breach Investigations

Anatomy of the thread suspension mechanism in Windows

Hasty Scripts: Capture Google Activity Log

Forensic Implications of Software Updates: iOS, Android, Windows 10 Mobile

Forensic Case Files: Employee Hard Drive Switcheroo

Memory Forensics Investigation using Volatility (Part 1)

SMB2 – File/Directory Metadata

Quickpost: Data Exfiltration With Tor Browser And Domain Fronting

Yet another way to hide from Sysinternals’ tools, part 1.5

Leveraging Emond on macOS For Persistence

We Smell a RAT: Detecting a Remote Access Trojan That Snuck Past a User

Hunting for Network Share Recon

Analysis of a Polish BankBot

Threat Spotlight: LockPOS Point of Sale Malware

New Year, New Look – Dridex via Compromised FTP

What can you do with 250K sandbox reports?

Interpreting Antivirus Detection Names

RIG Exploit Kit Delivers Ramnit Banking Trojan via Seamless Malvertising Campaign

A coin miner with a “Heaven’s Gate”

Huge Botnet Attacking Italian Companies

Git Your RATs Here!

Decrypting malicious PDFs with the key, (Mon, Jan 15th)

Skygofree: Following in the footsteps of HackingTeam

Unpatched Oracle WebLogic Servers Infected with Cryptocurrency Software

The Big Zeus Family Similarity Showdown

Microsoft Office Vulnerabilities Used to Distribute Zyklon Malware in Recent Campaign

Let’s Learn: Dissect Rig Exploit Kit Anti-Bot Filter Gate

LaZagne, a credentials recovery tool

Blockchain and Digital Forensics

Improved PRNU-Based Forgery Localization

The Power of Bro and why you should include it in your security infrastructure

Malware Data Science: Attack Detection and Attribution

Learning Malware Analysis

Portable Dynamic Malware Analysis with an Improved Scalability and Automatisation

Growth in a Small Forensics Company – Our First Employee

Mobile forensic case study: Tennessee Dept. of Correction

from thisweekin4n6

January 2

Recovering deleted internet history from System Restore points

Windows Console Command History: Valuable Evidence for Live Response Investigation

iOS Imaging on the Cheap! – Part Deux! (for iOS 10 & 11)

Forensically Collecting Emails — 5 Things to Know

Evidence acquisition workflow in 5 steps

Defending Against an Advanced Persistent Threat (APT)

8 Steps to Start Threat Hunting

How Cyberbit Researchers Discovered a New Silent LockPoS Malware Injection Technique

Industrial Control Threat Intelligence

Using MISP to share vulnerability information efficiently

Sysmon-modular (GitHub)

Digital Forensic Analysis of Amazon Linux EC2 Instances

Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments

Threat Hunting for Internal RDP Brute Force Attempts

The Industrial Revolution of Lateral Movement

Unpacking Pykspa Malware With Python and IDA Pro – Subscriber Request Part 1

Memory Forensics Sodium Pentothal for Your Security

Microsoft Office DDE Detection

‘RubyMiner’ Cryptominer Affects 30% of WW Networks

Coin Mining By Opportunistic And Automated Threats

When Scriptlets Attack: The Moniker

CSE Malware ZLab – Double Process Hollowing -The stealth process injection of the new Ursnif malware

Reputations and PCI Data Breaches

DFIR Research

January

Computer forensics news

How to mount Mac APFS images in Windows

Mounting an APFS image in Linux

Volatility plugin to extract BitLocker Full Volume Encryption Keys

Database Reverse Engineering

ADRecon Overview

A List of Incident Response sources

Aaron at DigitalResidue provides a primer on virtual memory and explains a few Volatility plugins

Mobile Forensic Process: Steps and Types

Safari Plugin Forensics – com.apple.Safari.plist

Practical Exercise – Image Carving

Automating the detection of Mimikatz with ELK

Working With Sysmon Configurations Like a Pro Through Better Tooling

Setting your Threat Hunting Calendar for 2018

Threat Hunting with Bro

Statistical Methods for Analyzing Event Time-Series Data in Digital Forensics

Malware Analysis – Unpack and Decompile Python-to-Exe Malware

Lab Setup – Setting up Python, Pip and Uncompyle6

New Python-Based Crypto-Miner Botnet Flying Under the Radar

Threat Profile: RokRAT

How keyloggers works: a simple example of keyboard hooking using Python

Triton: What You Need to Know

Building a Lab Pt.2 Software

Legal Email Collection

Magnet Forensics in 2017 – A Look Back by the Numbers

iCloud Drive can strip (meta)data from your documents

May

New research in computer forensics

Adventures in Laptop Forensics

Another OSX.Dok dropper found installing new backdoor

Snake malware ported from Windows to Mac

HandBrake Hacked!

Super Free Music Player in Google Play is malware: a technical analysis

Police Backlogs—Is Throwing Bodies at the Problem the Answer?

Practical Packet Analysis Photo Contest