Increased use of cloud storage services have become a necessity alternative that complements the main storage media in everyday activities because it offers ease of doing automatic backups, sharing files and photos and so forth on a variety of computing devices and smartphones. It is very possible loopholes for criminals to store illegal files or matters relating to such activities. …

Didier Stevens has published a post about using ClamAV with YARA rules for hunting in NVISO Labs blog. He notes that one of the important features of ClamAV is the file decomposition capability. So if the file you want to analyze resides in an archive, or is a packed executable, then ClamAV unarchives/unpacks it, and run the YARA engine. Also you will …

In this post BlackBag Training Team explains how to collect information about external USB attached storage devices from a Windows 7 system. You will learn how to determine the volume name, the mount point, and when the device was first connected.

Cyber Crimes are increasing day by day, ranging from confidentiality violation to identity theft and much more. The web activity of the suspect, whether carried out on computer or smart device, is hence of particular interest to the forensics investigator. Browser forensics i.e forensics of suspect’s browser history, saved passwords, cache, recent tabs opened etc. , therefore supply ample amount …

In this video Joshua I. James from Cybercrime Technologies will show you how to use a hash database with your favorite open source digital forensic tool – Autopsy 4. Hash databases can be used to quickly find known-bad or known-good files during an investigations. They can also be used to filter uninteresting files out of the case view.

Byte Atlas has published an interesting post on how to create and configure Windows 7 x64 virtual machine in VitrualBox for malware analysis. This is step by step guide, so you can create the same VM yourself.

In this post Michael Haag describes utilizing Sysmon to perform threat hunting. You will learn how to setup the tools you need, in Michael’s case – Sysmon and Splunk, but you can use other logging platforms as well, for example, Graylog or ELK. After the author describes the process of hunting in Splunk.

BlackBag Training Team has published a fresh post. This time they are speaking about Windows Volume Shadow Copies. You will learn about the difference between Volume Shadow Copies and System Restore Points, how Volume Shadow Copy Service works and how to use these copies in your Windows forensic examinations.

Stephanie Archibald from Cylance has written an article about the execution of multi-stage payloads on Mac OS X (up to Sierra). According to the author, “a common technique for executing multi-stage payloads is to have an initial payload that can then load executables, libraries, or bundles from memory instead of a computer’s hard disk”. You will learn what dyld is, how to …

Matt Aubert from Cisco has published an interesting post about malware analysis. He has chosen incident responders as the target audience and describes both static property and interactive behavior analysis using pestudio, Process Monitor, Wireshark, INetSim, ProcDOT, Windows 7 Service Pack 0 32-bit and REMnux.