Office365 Log Analysis Framework
After yesterday’s webcast Matt Bromiley released his Office365 Log Analysis Framework or OLAF to the public. You can learn more about the framework and download it here. Also, make sure you have...
Diffy: A Triage Tool for Cloud-Centric Incident Response
Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix’s Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise...
A Live Forensic Distribution Executing Malicious Code from a Suspect Drive
Maxim Suhanov has started a DFIR blog, and already submitted the first post – “A Live Forensic Distribution Executing Malicious Code from a Suspect Drive”.
POSH-Triage
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s command-line tools (https://ericzimmerman.github.io/) against a mounted forensic image. The following tools are run...
Investigating Data Hiding and Covert Communication
The book will focus on incident response methods and techniques when faced with the unprecedented challenge that data hiding and covert communication pose. All three states of data hiding and covert...
How to Validate Your Forensic Tools
Paraben Software has published a free ebook called “How to Validate Your Forensic Tools”. The book is available after filling out a short form on their website.
Deobfuscating Emotet’s PowerShell Payload
Lasq has posted a step-by-step guide on how to deobfuscate Emotet’s PowerShell payload. He also shared a Python script to automate the process. Emotet is a banking trojan, targeting computer users...
Knowledge is Power! Using the macOS/iOS knowledgeC.db Database to Determine...
Sarah Edwards has posted her research on the knowledgeC.db database. This database can be found on macOS and iOS devices. On Mac systems there is a system context database located in the...
The Sleuth Kit 4.6.2 and Autopsy 4.8.0 released
The new versions of the Sleuth Kit and Autopsy have been released. You can already download them from GitHub and test them. The list of new features and bug fixes can also be found on GitHub.
X-Ways Forensics Cheat Sheet
Brett Shavers has published his cheat sheet on how to use X-Ways Forensics. If you still haven’t checked it out, now is the best time to do it. You can find the cheat sheet here.
Search for Malware on Webservers with Blazescan
Blazescan is a Linux webserver malware scanning and incident response tool with built-in support for cPanel servers, but it will run on any Linux-based server. You can learn more about the tool and...
Imaginary C2: Malware Network Behavior Analysis Tool
Imaginary C2 is a Python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts an HTTP server which captures HTTP requests towards selectively chosen domains/IPs....
Anbox: Boot a Full Android System on a Regular GNU/Linux System
Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu. In other words: Anbox will let you run Android on your Linux system without the slowness of...
VSCMount Released
Eric Zimmerman has released another amazing tool – VSCMount. Now we have “a simple way to mount Volume Shadow Copies from the command line without having to do much of anything except provide the drive...
Webinar on Timeline Forensics
In April 2018 Microsoft updated Windows 10 with a new feature called “Timeline”. The Timeline is similar to your browser history but works for your entire computer. Apart from websites that you...
Acquiring MediaTek (MTK) Phones with Magnet AXIOM
This video shows how to use Magnet AXIOM to acquire mobile devices using a MediaTek (MTK) chipset to bypass the user passcode and get a full physical acquisition:
Automating Analysis with Multi-Model Avocados
In every case you work on, someone is asking you to get answers faster but without introducing more human error. Depending on the case, there are “go to” artifacts that help us to quickly answer basic...
Payload Distribution Format
As a continuation of the “Introduction to Malware Analysis” series, this video walks through an analysis of a potentially malicious PDF file. You’ll look at three (3) tools from Didier Stevens:...
Eric Zimmerman Updated Most of His Tools
Eric Zimmerman has updated most of his tools: WxTCmd, Hasher, Timeline Explorer, ShellBags Explorer, AppCompatCacheParser, AmcacheParser, ReCmd, Registry, and bstrings have been updated. It’s high...
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you join it! Here is the invite link for you:...