Joshua James has published a video-tutorial on how to build Linux kernel profiles for memory forensics with Volatility. He notes thatĀ Linux kernel changes data structures and debug symbols often, so it’s very important for a digital forensics examiner to be able to create Linux profiles for the version of Linux that he or she is trying to analyze.
Nicole Ibrahim has published a post on FSEvents forensics.Ā In this post she is covering a high-level overview of Apple FSEvents logs that are stored to diskĀ includingĀ backgroundĀ information and behavior of FSEvents, mainly dealing with OS X but also touching on iOS.
Ted Smith has published a video tutorial on how to view digital evidence remotely usingĀ X-Ways Investigator CTR:
James Grant has posted his findings from an analysis of a Ford Sync first generation module he undertook as part of his masterās project at university into vehicle forensics.
Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes thatĀ the biggest trend in the last few years is the use of Non-Malware attacks. There are a few reasons why we see increased use of scripting language based malwares: Some of them are installed by default on every Windows operating system. …
This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list of tasks that should be performed across your organization. These tasks can and should be parallelized. The patching process can be slower but itās important to start as soon as possible, even while containment is taking place. The authors recommend automation …
In this video Mark Baggett will show you how you can use a tool named SRUM-DUMP to capture critical DFIR (Digital Forensics and Incident Response) data like the dates and times processes were executed, which networks they used, how much data was transmitted and received, the Security Identifier of the user that launched the process and more. Then Mark will …
Preston Miller from DPM Forensics has published a post on how to recover data from damaged USBs. In the post heĀ discusses a few methods can be used to extract data from aĀ broken USB device. You’ll learn how to remove the chip from the board and how to solder it onto the donor.
Joshua James from Cybercrime Technologies has recorded a nice tutorial on how to extract text from images with Tesseract-OCR. Here is the recording:
Nowadays, android smartphones are becoming more popular and the greatest platform for mobile devices which has capability to run millions of mobile phones in about more than 200 countries. It may bring not only convenience for people but also crimes or security issues. Some people are committed the crimes by using the technology and mobile devices. So, android forensics is …
Login
