Eyal Neemany has published a post on how to use PowerShell to expose command line shells history. He notes that the biggest trend in the last few years is the use of Non-Malware attacks. There are a few reasons why we see increased use of scripting language based malwares: Some of them are installed by default on every Windows operating system. …
This response plan includes steps to contain the threat, hunt for existing infections, and remediation. Following is a list of tasks that should be performed across your organization. These tasks can and should be parallelized. The patching process can be slower but it’s important to start as soon as possible, even while containment is taking place. The authors recommend automation …
In this video Mark Baggett will show you how you can use a tool named SRUM-DUMP to capture critical DFIR (Digital Forensics and Incident Response) data like the dates and times processes were executed, which networks they used, how much data was transmitted and received, the Security Identifier of the user that launched the process and more. Then Mark will …
Preston Miller from DPM Forensics has published a post on how to recover data from damaged USBs. In the post he discusses a few methods can be used to extract data from a broken USB device. You’ll learn how to remove the chip from the board and how to solder it onto the donor.
Joshua James from Cybercrime Technologies has recorded a nice tutorial on how to extract text from images with Tesseract-OCR. Here is the recording:
Nowadays, android smartphones are becoming more popular and the greatest platform for mobile devices which has capability to run millions of mobile phones in about more than 200 countries. It may bring not only convenience for people but also crimes or security issues. Some people are committed the crimes by using the technology and mobile devices. So, android forensics is …
This video shows how to use Magnet ACQUIRE to obtain a physical image of Android mobile phone devices using TWRP. The phone used in this video is a Samsung Galaxy S5 mobile phone (SM-G900W8) running Android 6.0.1:
Amanda Rousseau has published a course on basics of malware reverse engineering at her GitHub. The course consists of 6 sections: fundamentals, malware techniques, RE tools, triage analysis, static analysis and dynamic analysis.
Philippe Lagadec has published a blog post on how to find data hidden at the end of an OLE file. You will learn about Microsoft Compound File Binary Format (OLE format) and how to determine the end of OLE data to find hidden objects.
In recent years Android operating system, being installed on huge numbers of smartphones, tablets and other devices, had a breakthrough on the market. Following that success, the need to recover and analyze data from Android OS, became important part of mobile forensics. Consequently, many commercial and open-source mobile forensic tools became available for forensics investigators. The subject of this paper …
Login
