December 09, 2019

Cyber Forensicator


White Papers

A Practical Model for Conducting Cyber Threat Hunting

There remains a lack of definition and of a formal model on which to base threat hunting operations and quantify their success from the beginning of a threat hunt engagement to the end, one that also allows analysis of analytic rigor and completeness. The formal practice of threat hunting seeks to uncover the presence of attacker tactics, techniques, and …

White Papers

Analysis of the AmCache

Frequently overlooked and understudied, this database is rarely fully exploited when doing incident response. Indeed, its correct interpretation is complex: a lot of special cases can occur that have to be taken into account when performing an analysis. However, the information collected by the AmCache is extremely useful and the lack of awareness about this artifact makes it very valuable, …

White Papers

Successful Insider Threat Investigations

No two insider threat investigations are ever the same—but a standardized process can help them run more smoothly. When you need to prove whether intellectual property, trade secrets, or other sensitive data were exfiltrated, and whether it was done inadvertently, opportunistically, or maliciously, you need an efficient, repeatable workflow. Magnet’s new white paper describes three steps that can help you …

White Papers

Whitepaper: Acquiring and Parsing Data from iOS 11 Devices

Over its last few releases, Apple’s iOS—the operating system running on iPhones, iPads, and other mobile devices—has steadily enhanced its offerings designed for both security and user convenience. Each sub-version of both iOS 10 and 11 added or changed small features that have drastically changed the forensic workflow. In this paper, we’ll describe how to: Access more evidentiary data with …

White Papers

Comments on “Windows Registry Forensic Tool Specification”

Maxim Suhanov has published his comments on NIST’s “Windows Registry Forensic Tool Specification”. You can find Public Draft 1 of Version 1.0 here.

White Papers

Detecting Lateral Movements in Windows Infrastructure

Lateral movement techniques are widely used in sophisticated cyber-attacks in particular in Advanced Persistent Threats (APTs). The adversary uses these techniques to access other hosts from a compromised system and get access to sensitive resources, such as mailboxes, shared folders, or credentials. These can be used in turn for compromise of additional systems, privilege escalation, or stealing more valuable credentials. …

White Papers

Taking Bytes Out of Android Nougat Forensic Analysis

In a rapidly changing and uncertain world, consumers continue to demand secure devices that protect their data from prying hackers, data thieves, and even, in some cases, governments. Apple still leads the way, but Google’s latest round of security features ensure that even cheap, free smartphones can be encrypted. Download Taking Bytes Out of Android Nougat Forensic Analysis to learn more about: …

White Papers

Anatomy of an Attack: CARBANAK

Jack Wesley Riley has published a white paper with an overview of tools and techniques used by CARBANAK. According to the paper, the toolsets CARBANAK deployed can be broken down into five basic functionalities:

  • Ingress/Egress/Remote Access
  • Lateral Movement
  • Log Cleanup
  • Credential Harvesting
  • Internal Reconnaissance

The correlations between the Linux environment tools and the Windows environment tools are shown below: You …

White Papers

Reverse Engineering the iOS Backup

Rich Infante has published his work in progress on reversing iOS backups. The work contains information not only about old backups (up to iOS 9), but also about the new backup format (iOS 10 +), and may be useful for mobile forensics examiners and analysts.

White Papers

What Is New in EXT4 from an Incident Analysis Perspective

ERNW has published an interesting white paper on the analysis of EXT4 file system in the context of an incident analysis, here is the abstract: “In incident analysis, especially in the field of postmortem file system analysis, the reconstruction of lost or deleted files plays an important role. The techniques that can be applied to this end strongly depend on …

About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and similar material in one place.

CyberForensicator.com © Copyright 2016-2019, All Rights Reserved
