April 17, 2021

Cyber Forensicator


Articles

Find out what happened during a ransomware attack on computer

Introduction The encryption pandemic has swept the world. No commercial companies or government organizations can consider themselves safe. Even seemingly isolated networks have been exposed to such attacks. Typically, hackers aim to seize computers and ask for ransom either to restore the infrastructure of the attacked company or to return the information stolen from companies. A large number of such …


Analyzing videos with multiple video streams in digital forensics

In this article, we will review a special case of video files: files with multiple video streams. What does this mean and why is it important in the course of a digital forensic (and, perhaps, incident response) case? Most video file formats comprise a container: “The container file is used to identify and interleave different data types. Simpler container formats …


PC3000 Portable III in Digital Forensics

Introduction Sooner or later, most forensics experts have to deal with damaged hard drives. It is certain to happen. We deal with them all the time. Such hard drives are either initially damaged when seized from their owners, or they are damaged as a result of violation of the rules for storing and transporting digital evidence. According to our statistics, …


How to analyze different types of devices and find connections between them

Modern digital forensics and incident response cases may involve quite different types of devices. The variety of electronic gadgets increases every day, from traditional smartphones to as yet uncommon things such as smart contact lenses or toasters with an Internet connection that can burn today’s weather forecast onto your morning piece of bread. No surprise that you use different tools to acquire …


Threat Hunting: What it Is, and What it Is Not

Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. Every employer wants to hire a threat hunter. And every vendor claims their products are suitable for threat hunting. Potentially, this is the main reason why people today have started to call anything “threat hunting”. And this is one of the reasons I decided to go back …


Utilities go for launch!

Smartphones and tablets are widely used in everyday life and in various technological processes. For this reason, they often become a part of forensic investigations in information security cases. This article analyzes the efficiency of the forensic suites used to study such devices. Introduction There are three main problems in mobile forensics: The first one – mobile devices data …


Checkm8 review translation

The checkm8 exploit for iOS devices emerged in September 2019. It opened new doors for digital forensics researchers and investigators, who are always looking to extract and analyze data from devices. Can I extract data from a blocked or damaged iPhone? Can I find the PIN code of a blocked device? You will find the answers to these questions and …


Looking at Microsoft Teams from a DFIR Perspective

David Cowen’s Sunday Funday is back, so why not take part in the fun? Last Sunday’s challenge was to look at Microsoft Teams from a forensic or DFIR perspective, so here we go. The first question: where are the artifacts? It looks like the artifacts are located under C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Teams. [Figure: A folder with Microsoft Teams data] So, we can see …


Forensic Walkthrough: QBot Infection

For some reason, there are not many posts on the forensic examination of hosts infected with different malware families. We decided to change this tendency and start a new series – Forensic Walkthrough. Today’s guest is QBot (QakBot). It was first discovered in 2009 and mainly targeted browsing data related to banking websites. Its worm-like capabilities allow it to spread …


SQM: New Evidence of Execution Source?

While forensicating one of the compromised hosts during our recent incident response activities, we found some interesting artifacts in SQM data. Let’s start with what SQM is. First of all, it’s an acronym for Software Quality Metrics. It used to be named Service Quality Monitoring and has been an operating system component since Windows Vista. It is used to collect and send …


About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect all the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

Popular Posts

Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection

October 20, 2017

Cloud Forensics: Analyzing MEGASync

April 15, 2018

Windows Phone Physical Imaging Without JTAG and Chip-off

June 3, 2018

Timeline

  • March 4, 2021

    Find out what happened during a ransomware attack on computer

  • January 24, 2021

    Analyzing videos with multiple video streams in digital forensics

  • December 19, 2020

    PC3000 Portable III in Digital Forensics

  • December 18, 2020

    How to analyze different types of devices and find connections between them

  • July 5, 2020

    Threat Hunting: What it Is, and What it Is Not

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved
