January 26, 2021

Cyber Forensicator


How To

Step by Step Guide to iOS Jailbreaking and Physical Acquisition

Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking and physical acquisition of iOS devices. The guide is available here.


Creating a File System Image of iOS12

Apple’s iOS 12 is the latest iteration of its mobile device software. With each iteration, Apple adds new system protections to enhance user privacy, which in turn inhibits a forensic analyst’s ability to analyze Apple devices. With each iteration also come workarounds that allow forensic analysts to obtain information stored on these devices. …


Parsing Carved EVTX Records Using EvtxECmd

Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space, Volume Shadow Copies, carve them from unallocated space with Bulk Extractor, and parse all these EVTX files with Eric Zimmerman’s EvtxECmd.


Digging Up the Past: Windows Registry Forensics Revisited

David Via from FireEye has written a very good article focused on the following known sources of historical registry data:

  • Registry transaction logs (.LOG)
  • Transactional registry transaction logs (.TxR)
  • Deleted entries in registry hives
  • Backup system hives (REGBACK)
  • Hives backed up with System Restore


Extracting Activity History from PowerShell Process Dumps

Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, especially if the compromised system doesn’t have PowerShell logging enabled.


An introduction to file-system post-mortem forensic analysis

The Computer Incident Response Center of Luxembourg has published the materials used during their forensic trainings, including slides and links to the disk images. You can find these materials here.


Netflix - Windows 10 Appstore Forensics

Justin Boncaldo has written a post about forensic analysis of the Netflix app. It seems the app doesn’t store a lot of data locally, especially the kind of data that can be used for forensic purposes, but you can find some user-action related data.


Gone in 10 Seconds: Snapchat Forensics

John Walther has written an article about Snapchat forensics. He used an iOS device running 11.4.1 and an Android device running Marshmallow. For data extraction the author used Oxygen Forensic Detective 10.4.0.54. Here is what he got.


How to Deploy Cuckoo Sandbox

Marc Rivero López presented a how-to guide that will help you to deploy Cuckoo Sandbox – an open source malware sandbox system.


How to Disassemble a Word Document with Embedded Macros

Here is a post by Paul Cimino, in which he goes through the steps to create a macro-embedded Word document, extract the files, and then analyze them for malicious content.


About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.


CyberForensicator.com © Copyright 2016-2021, All Rights Reserved
