April 17, 2021

Cyber Forensicator


Tips & Tricks

Finding Registry Malware Persistence with RECmd

Chad Tilbury has written a post on how to use Eric Zimmerman’s RECmd and its batch files to uncover malware persistence mechanisms in the registry. The post is available here.

Detecting PowerShell Empire Shenanigans with Sysinternals

In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools from the Sysinternals suite.

Analyzing the Windows LNK File Attack Method

An interesting post by D3xt3r’s Malware Laboratory describing another example of using LNK files as malware droppers.

Cobalt Strike Remote Threads Detection

Olaf Hartong has written a blog post in which he shows how to use “Create Remote Thread” events to detect the process injection that NoPowerShell relies on. NoPowerShell is a tool which can be used to execute certain PowerShell commands from Cobalt Strike without having to use PowerShell itself. Learn about this detection technique at Medium.

Robust Use of PsExec That Doesn’t Reveal Password Hashes

Brian Carrier and Chris Ray have found a way to run PsExec without revealing the admin password hash. Check this blog post to learn how to do it.

Beyond good ol’ LaunchAgent – part 0

Pasquale Stirparo has started a post series about macOS persistence mechanisms titled “Beyond good ol’ LaunchAgent”. The first post is devoted to LaunchAgents and LaunchDaemons.

Spotting the Signs of Lateral Movement

Derek King has published another post as part of his “Hunting with Splunk: The Basics” series. This time he discusses lateral movement, which, as Ryan Kovar has said, is one of the key indicators that you actually have an APT in your network.

How to Put a Qualcomm Phone into EDL Mode

In this post Magnet Forensics talks about Emergency Download (EDL) mode. This is a Qualcomm feature that can be used for data recovery and for other tasks such as unbricking or flashing the device. It can also be used to create a full image of the target device while bypassing its passcode.

Using SQL Server 2016 Temporal Tables for Data Forensics and Auditing

Temporal Tables are a new feature of SQL Server 2016. Join Pragmatic Works to learn what they are and how they track data change history for auditing and forensics. This presentation includes demos of how to create temporal tables, and how to use them once they are configured.

The Newest Version of SANS Windows Forensic Analysis Poster is Online

SANS DFIR has posted the newest version of the Windows Forensic Analysis poster. It includes an updated Windows Time Rules table and many artifacts covering file downloads, program execution, file deletion, file knowledge, and more – don’t wait, download and learn!

About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved
