Following the RTM
Researchers became aware of the activities of the RTM group in December 2015. Since then, phishing emails distributing the t…
Using MITRE ATT&CK for Forensics: Image File Execution Options Injection (T1183)
As was promised, we continue our Using MITRE ATT&CK for Forensics series. This time we are going to discuss another pers…
Using MITRE ATT&CK for Forensics: WMI Event Subscription (T1084)
First of all, I would like to thank all of those who liked and retweeted the previous article from this series, BITS Jobs (T…
Using MITRE ATT&CK for Forensics: BITS Jobs (T1197)
If you are doing incident response, you must know what MITRE ATT&CK is. As it’s a great guide to threat actors tac…
Parsing Carved EVTX Records Using EvtxECmd
Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space, Volume Shadow Copies, carve them…
PowerShell and Python Together: Targeting Digital Investigations
A new book by Chet Hosmer has been released. The book will teach you how to use PowerShell and Python for conducting digital…
Autopsy 4.11.0 Released
The new version of Autopsy has been released. New Features: Adding Data: Hashes can optionally be entered when adding a disk…
Extract Configuration Data of Known Malware with MalConfScan
JPCERT has released a Volatility plugin called MalConfScan. The plugin can be used to extract configuration data of popular …
2019 Forensic 4cast Awards: Cyber Forensicator’s Nominations
2019 Forensic 4cast Awards nominees will be presented quite soon, and we decided to present our picks to our readers. DFIR C…
Detection of Algorithmically Generated Malicious Domain
In recent years, many malware writers have relied on Dynamic Domain Name Services (DDNS) to maintain their Command and Contr…
