4n6k.com
4n6k: Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically
http://www.4n6k.com/2014/08/forensic-foss-4n6kvolatilityinstallersh.html
Tuesday, August 26, 2014. Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically. These posts will consist of open source software for use in everyday forensic investigations. Of this project by @wzod. 4n6k_volatility_installer.sh is a bash script that installs Volatility 2.4 (and all dependencies) for Ubuntu Linux with one command. Why Do I Need It? An internet connection and an APT-based Linux distribution [for the time being]. This script has been tested on stock...
4n6k.com
4n6k: About
http://www.4n6k.com/p/about.html
TL;DR: I enjoy doing research and writing about it. More details on LinkedIn. I've taken up the task of learning as much as possible about digital forensics on my own time. My particular focus and interest lie within behavioral analysis of user activity/malware artifacts. Discovering the process by which a user interacts with a computer could be a key determinant in the prosecution or defense of a guilty or innocent individual - I'd say that's a pretty big deal, wouldn't you? Add me on LinkedIn. Registry...
4n6k.com
4n6k: Posts
http://www.4n6k.com/p/forensic-posts.html
Shellbags Forensics: Addressing a Misconception. Interpretation, step-by-step testing, new findings, and more). Timelines, interpretation, testing, and more). Jump List Forensics: AppIDs Part 1. Jump List Forensics: AppIDs Part 2. Jump List Forensics: AppID Master List (400 AppIDs). Forensics Quickie: PowerShell Versions and the Registry. Forensics Quickie: NTUSER.DAT Analysis (SANS CEIC 2015 Challenge #1 Write-Up). Forensics Quickie: Merging VMDKs and Delta/Snapshot Files (2 Solutions). Possible Unknown...
blog.korrosivesecurity.com
Korrosive Security: Jack Crook DFIR Challenge - PCAP
http://blog.korrosivesecurity.com/2013/05/jack-crook-dfir-challenge-pcap.html
Tuesday, May 7, 2013. Jack Crook DFIR Challenge - PCAP. I've been working on a DFIR challenge put out there by @jackcr over at his HandlerDiaries site and thought I would make a few posts about it for my reference more than anything else. The challenge consists of a pcap file and the memory dumps of four potentially infected machines and the objectives are as follows: Determine which machines are compromised. Identify the who, what, when, where, and how. 1. First 5 bytes contain the header Gh0st.
forensicmethods.com
Mimikatz Kerberos Golden Ticket | Forensic Methods
http://forensicmethods.com/mimikatz-kerberos-golden-ticket
Mimikatz Kerberos Golden Ticket. June 30, 2014. It has been an interesting year for attacks against the Windows credential model. If you aren’t familiar with the Mimikatz “Golden Ticket” attack, it represents some of the best justification for guarding your domain administrator credentials with your life (if you really needed additional justification). CERT EU published an excellent whitepaper on strategies for mitigating this attack. Las Vegas, NV.
forensicmethods.com
Malware | Forensic Methods
http://forensicmethods.com/category/malware
Mimikatz Kerberos Golden Ticket. June 30, 2014. It has been an interesting year for attacks against the Windows credential model. If you aren’t familiar with the Mimikatz “Golden Ticket” attack, it represents some of the best justification for guarding your domain administrator credentials with your life (if you really needed additional justification). CERT EU published an excellent whitepaper on strategies for mitigating this attack. Malware Analysis Quant Project. The original ...
4n6k.com
4n6k: January 2012
http://www.4n6k.com/2012_01_01_archive.html
Sunday, January 8, 2012. Forensics Quickie: Recovering Deleted Files With Scalpel (.CR2 Photos). These posts will consist of small tidbits of useful information that can be explained very succinctly. SD card was accidentally formatted; RAW photos in .cr2 format from a Canon Rebel T3 needed to be recovered. Boot up a Linux VM (I chose Ubuntu) and install Scalpel with: sudo apt-get install scalpel. Check to see if the required filetype signature is supported by Scalpel by default:
nerdiosity.com
file system « nerdiosity
http://www.nerdiosity.com/tag/file-system
Feel free to drop me a note. If you have some burning nerdiosity, or leave me a comment. A Fistful of Dongles. Command Line Kung Fu. Forensics for the newbs. Journey Into Incident Response. Nibble on dav nads. Posts tagged ‘file system’. August 9, 2012. Impressive analysis and research and, after some consideration, my boss’s only question was: “Did you watch the video?” “Uh…no… I was saving that for last…” Did he say I was doing good? [Insert fist pump moment]. And then I watched the video….
nerdiosity.com
encrypted « nerdiosity
http://www.nerdiosity.com/tag/encrypted
Posts tagged ‘encrypted’. The “s” is not a typo…. January 15, 2012. Ever typed in a website address and wondered why some start with HTTP and some with HTTPS? No, the S is not a typo!
nerdiosity.com
DFIR Summit « nerdiosity
http://www.nerdiosity.com/tag/dfir-summit
Posts tagged ‘DFIR Summit’. Always wear cargo pants…. July 17, 2012. Do you know enough about the basics of file partitions and where to start looking for them on a drive image using a common hex editor? I do now, thanks to Rob Lee and SANS FOR508.