March 03, 2021

Cyber Forensicator


Articles

Cloud Forensics: pCloud Drive

We continue our unforgettable journey into the world of cloud forensics. This time we are going to forensicate the pCloud desktop application – pCloud Drive. pCloud is a file storage and synchronization service which emerged on September 13, 2013. The service supports cloud storage, file sharing, data backup and user collaboration. As of May 2018, pCloud has over 8 000 000 registered users all over the world, …


Cloud Forensics: Box

It seems we really enjoy forensicating desktop apps for cloud services. Last week we started with a really secure cloud service app – Mega. This time we are going to continue with another, much more forensically friendly app – Box. Box is a popular enterprise content management platform, but, of course, it can be used by regular users for managing content in the …


Cloud Forensics: Analyzing MEGASync

Nowadays almost everybody has an account at one cloud service or another. Dropbox, OneDrive and Google Drive are some of the most popular services. There are also some services focused on the security of their users’ data – one such service is MEGA. According to the developers, “MEGA is fully accessible without prior software installs and remains the only cloud …


Windows 10 Time Rules

Timestamps play a very important role in many digital forensic examinations, so it’s very important for any forensic examiner or analyst to clearly understand how they work. SANS Institute has an amazing Windows Forensic Analysis poster illustrating Windows Time Rules, but recently a few of our DFIR friends noticed that those rules are not working anymore. We have decided to …


Finding Metasploit’s Meterpreter Traces with Memory Forensics

Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics so important here? Because, for example, Meterpreter, an advanced, dynamically extensible Metasploit payload, resides entirely in memory and writes nothing to the victim’s drive. In this article we will show you how to use Volatility Framework to find Metasploit’s traces with …


Forensic Analysis of Damaged SQLite Databases

SQLite databases are very common sources of forensic artifacts nowadays. A lot of mobile applications store data in such databases, and you can also find them on desktop computers and laptops, for example, when forensicating web browsers, messengers and some other digital evidence sources. There are a lot of forensic tools on the market that support analysis of SQLite databases, for …


Detection of Backdating the System Clock in macOS

Recently we received a good question from one of our DFIR mates: “How can one detect backdating of the system clock forensicating macOS?”. This is a really good question, at least for us, so we decided to research it. If we are talking about Windows system clock backdating – there is a lot of information to help, for example, this …


Carving Fragmented Registry Files

Yet another registry parser, or yarp, is a library and tools to deal with Windows registry files [1]. Despite the name, yarp is not a simple registry parser. The project started as an attempt to fully implement the Windows registry file format specification [2] and to provide features important to incident responders and forensic examiners. This article will highlight one …


The Hitchhiker’s Guide to macOS USB Forensics

We are not sure about your labs, but ours receives more and more Macs for forensic examination every month. And, of course, some of the cases require us to find forensic artefacts of external USB drive connections and file copying. We know that you guys liked our last article regarding USB forensics on Windows systems, so we decided to write …


The Hitchhiker’s Guide to USB Forensics

If you are a digital forensic examiner, you must know that clients very often ask to find out which sensitive files were copied to USB thumb drives by disgruntled employees before they left the company. There are a lot of articles and guides on USB forensics on the Web, but most of them deal with the flash drives and not the computer …


About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

Popular Posts

Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection

October 20, 2017

Cloud Forensics: Analyzing MEGASync

April 15, 2018

Windows Phone Physical Imaging Without JTAG and Chip-off

June 3, 2018

Timeline

  • January 24, 2021

    Analyzing videos with multiple video streams in digital forensics

  • December 19, 2020

    PC3000 Portable III in Digital Forensics

  • December 18, 2020

    How to analyze different types of devices and find connections between them

  • July 5, 2020

    Threat Hunting: What it Is, and What it Is Not

  • May 24, 2020

    Utilities go for launch!

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved
