Blog Posts Tagged with "Forensics"
How Can you Expose Targeted Attacks and Combat APTs?
October 10, 2013 Added by:Michelle Drolet
Cybercriminals are employing more sophisticated techniques all the time and far too many companies and organizations still don’t have the protection they really need to safeguard their systems. The prevalence of targeted attacks and advanced persistent threats (APTs) is disturbing.
Malware Forensics Field Guide for Windows Systems: Digital Forensics
January 22, 2013 Added by:Ben Rothke
The book is not meant as an introductory text, rather as a reference for experienced professionals. For such a reader, they will likely find the Malware Forensics Field Guide for Windows Systems to be an invaluable reference...
Mobile Devices get means for Tamper-Evident Forensic Auditing
December 13, 2012 Added by:Michelle Drolet
In order to detect security breaches and guarantee compliance, tamper “proofing” has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation...
Windows 8 Forensics: USB Activity
December 03, 2012 Added by:Dan Dieterle
When I started working on Windows 8 USB drive forensics, I assumed it would be similar to Windows 7. I created a fresh Windows 8 VM and plugged a thumb drive into my local system. The VM recognized it as it should. I shut the VM down and opened it in EnCase to examine what happened...
Windows 8 Forensics: Recycle Bin
November 27, 2012 Added by:Dan Dieterle
The purpose of this project is to determine key differences between the Windows 7 and Windows 8 operating system from a forensic standpoint in order to determine if there are any significant changes that will be either beneficial or detrimental to the forensic investigation process...
Digital Forensics for Handheld Devices
November 05, 2012 Added by:Ben Rothke
An iPhone 5 with 64 GB of storage and the Apple A6 system-on-a-chip processor has more raw computing power than entire data centers had some years ago. With billions of handheld devices in use, it is imperative that forensics investigators know how to ensure that the data in them can be preserved...
Investigating In-Memory Network Data with Volatility
September 25, 2012 Added by:Andrew Case
This post will discuss Volatility’s new Linux features for recovering network information including enumerating sockets, network connections, and packet contents, and will discuss each plugin along with implementation, how to use it, output, and which forensics scenarios apply...
Analyzing Desktops, Heaps, and Ransomware with Volatility
September 24, 2012 Added by:Michael Ligh
This post discusses the undocumented Windows kernel data structures for desktop objects and desktop heaps. You'll see how to use memory forensics to detect recent malware including the ACCDFISA ransomware and Tigger variants...
Windows 8 Forensics: Reset and Refresh Artifacts
September 24, 2012 Added by:Dan Dieterle
Everything about the machine pre-refresh can be recovered, and is placed into a folder named windows.old. Information in regards to the migration process, old vs. new mappings, and the date and time of the refresh can be found in the $SysReset folder and the specific log...
Analyzing Jynx and LD_PRELOAD Based Rootkits
September 23, 2012 Added by:Andrew Case
In order to have samples to test against, I used the sample provided by SecondLook on their Linux memory images page, and I also loaded the Jynx2 rootkit against a running netcat process in my Debian virtual machine that was running the 2.6.32-5-686 32-bit kernel...
Detecting Window Stations and Clipboard Monitoring Malware with Volatility
September 19, 2012 Added by:Michael Ligh
Explore undocumented Windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...
Analyzing the KBeast Rootkit and Detecting Hidden Modules with Volatility
September 18, 2012 Added by:Andrew Case
KBeast is a rootkit that loads as a kernel module. It also has a userland component that provides remote access. This backdoor is hidden from other userland applications by the kernel module. KBeast also hides files, directories, and processes that start with a user defined prefix...
Recovering Login Sessions, Loaded Drivers, and Command History with Volatility
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented Windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
Analyzing the Average Coder Rootkit, Bash History, and Elevated Processes with Volatility
September 16, 2012 Added by:Andrew Case
This post showcases some of Volatility’s new Linux features by analyzing a popular Linux kernel rootkit named “Average Coder” and includes recovering .bash_history, finding userland processes elevated to root, and discovering overwritten file operation structure pointers...
Network Forensics - Tracking Hackers Through Cyberspace
September 04, 2012 Added by:Jayson Wylie
I highly recommend this book for seasoned network security professionals and those responsible for forensics to help set a foundation of proper approach, reporting and evidence collection for identifying an incident and being able to show proof and record...
Recovering tmpfs from Linux and Android Memory Captures with Volatility
August 14, 2012 Added by:Andrew Case
Tmpfs is interesting from a forensics perspective for a few reasons. The first is that, in a traditional forensics scenario, the investigator expects that he can shut a computer off, image its disk(s), and get back the filesystem as it was at the time the computer was running. With tmpfs, this is obviously not true...