March 03, 2021

Cyber Forensicator


Articles

Tools up: the best software and hardware tools for computer forensics

Igor Mikhailov is a digital forensic analyst at the digital forensic laboratory of Group-IB, and the picture below shows what one of his business cards looked like. These are hardware keys of the forensic tools the analyst used when conducting forensic examinations. The cost of these products alone exceeds tens of thousands of dollars, and there are other free …


Following the RTM

Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the trojan have been sent to potential victims with admirable persistence. From September to December 2018 the RTM group sent out more than 11,000 malicious emails. The cybercriminals, however, are not going to stop there, as evidenced by the new malicious campaigns …


Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)

As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we are going to discuss another persistence mechanism that isn’t so common in the wild: Image File Execution Options (or IFEO) injection, a persistence technique with ID T1183. So, what are IFEO? These options enable a developer to attach a debugger to an application. What is more, IFEO …


Using MITRE ATT&CK for Forensics: WMI Event Subscription (T1084)

First of all, I would like to thank all of those who liked and retweeted the previous article from this series, BITS Jobs (T1197). I’m planning to continue working on this series and publish a post a week. This week I’m going to write about a persistence mechanism that became quite popular recently – WMI Event Subscription (T1084). I think …


Using MITRE ATT&CK for Forensics: BITS Jobs (T1197)

If you are doing incident response, you must know what MITRE ATT&CK is. As it’s a great guide to threat actors’ tactics and techniques, I thought it was a good idea to look at it from a forensic perspective. ATT&CK can definitely help digital forensic analysts find evil both during traditional host-based forensic activities and during more incident response related …


Deleting Any Message from Both Ends in Telegram: How Will It Impact Mobile Forensics?

On March 24th Telegram released a new version of their messenger and introduced a new feature: the ability “to delete any message you have sent or received from both sides in any private chat”. According to Telegram’s official website, “the messages will disappear for both you and the other person – without leaving a trace.” Sounds pretty interesting, right? Let’s …


Incident Forensics Lifecycle

Recently I have become more and more interested in cyber threat intelligence. I even started preparing for the GCTI certification. CTI uses models and chains; you may have heard about the Diamond Model and the Cyber Kill Chain. Incident response has its own lifecycle, from preparation and identification to recovery and lessons learnt. Digital forensics has a defined process as well: collection, examination, …


Amcache Forensics: Populated or Not?

New Sunday, new Funday! This week’s Sunday Funday presented the following challenge to solve: What are all the methods of execution you can find that are not recorded in the Amcache hive? All testing has been done on Windows 10 (Version 1803, OS Build 17134.523). For testing I used netscan.exe (x64), which is available here; it was renamed according to …


Shellbags Forensics: Directory Viewing Preferences

Had some free time last week, so I decided to participate in David Cowen’s Sunday Funday challenge. My submission didn’t win, but I decided to post it anyway. 1. What within the shellbags entry would tell you how the user had set their directory viewing preferences (sort order, thumbnail view, standard view)? You can find these settings under: UsrClass.dat: Local Settings\Software\Microsoft\Windows\Shell\Bags\<Node_slot>\ComDlg\{GUID} …


Silence: Dissecting Malicious CHM Files and Performing Forensic Analysis

Let’s continue to dissect unusual malicious email attachments used by modern APTs. This time I’m going to focus on malicious CHM files used by the Silence APT. If you haven’t heard about it for some reason, I would recommend reading this detailed report by Group-IB, as this APT attacks not only Russian banks but also banks in more than 25 countries. …

About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved