fondazionesfilio.it
Fondazione Maestro Francesco Sfilio
http://www.fondazionesfilio.it/2.htm
THE BOARD OF AUDITORS.
fondazionesfilio.it
Fondazione Maestro Francesco Sfilio
http://www.fondazionesfilio.it/8.htm
Fondazione Maestro Francesco Sfilio.
blog.digital-forensics.it
ZENA FORENSICS: January 2015
http://blog.digital-forensics.it/2015_01_01_archive.html
Tuesday, January 13, 2015. Last October, I participated as speaker at the SANS DFIR. It was a great meeting and I am very happy to have been able to participate. My speech was focused on DPAPI and how it could be used during a post-mortem digital investigation to access protected information: overcoming the system's security is sometimes necessary to access data otherwise not available. I like to call this "process" ODI. I want to be brief, skipping any DPAPI introduction and only providing some links.
blog.digital-forensics.it
ZENA FORENSICS: April 2012
http://blog.digital-forensics.it/2012_04_01_archive.html
Friday, April 27, 2012. A tale on RegRipper Plugins unnoticed. It comes out that some RegRipper. Have errors and/or do not parse correctly/at all the desired keys. This fact should not be unexpected since there exist many plugins (from far less many contributors, unfortunately) and since they should work on xp-(s)vista-7 Windows OSes: errors are around the corner. What is really. Detected by the DFIR community (included me, of course). Let's start with the first cas. Executed on a XP system:. This is the...
blog.digital-forensics.it
ZENA FORENSICS: WhatsApp Forensics
http://blog.digital-forensics.it/2012/05/whatsapp-forensics.html
Tuesday, May 15, 2012. Those who follow this blog may have noticed few months ago a post that introduced WhatsApp Xtract: this script was able to display in an HTML document all the WhatsApp messages extracted from an iPhone. And those who follow the xda developers forum may have recently noticed a. This last month, thanks to Martina Weidner (aka ztedd) who has decided to take control of its development, we have obtained valuable results. Where to find the information:. What's the file structure? Conve...
blog.digital-forensics.it
ZENA FORENSICS: December 2011
http://blog.digital-forensics.it/2011_12_01_archive.html
Wednesday, December 14, 2011. I don’t want to bore you explaining what is WhatsApp. If you have this serious gap, you can fill it here. Forensically speaking, WhatsApp was a very cool app until the last June. After that, someone had decided to add the extension “crypt” to such excellent source of information which was msgstore.db. This database stores information about contacts and also entire conversations. But simply opening it with SQLite Browser. Now, you need only to decrypt that file! Go to the repo.
blog.digital-forensics.it
ZENA FORENSICS: December 2013
http://blog.digital-forensics.it/2013_12_01_archive.html
Tuesday, December 3, 2013. 3minutesOf: a bit of X-Ways and RAID. Some days ago I was working on four images coming from a QNAP storage: so, four disks whose partitions were used to build up RAID volumes. "No problem," I said to myself, knowing that QNAP are *nix based and that XWF (X-Ways Forensics) is so powerful that I'll not need to switch on Linux. That's true, but you need to instruct XWF about which type and parameters the RAID is using. Easy again, let's find the configuration raidtab. The worst an...
blog.digital-forensics.it
ZENA FORENSICS: July 2012
http://blog.digital-forensics.it/2012_07_01_archive.html
Thursday, July 5, 2012. In DFIR activities timelines. Are often determinant to understand what happened (lot of refs here. Provided the community with the great log2timeline. That, along with the invaluable. Gives a (temporal) order to chaos. But l2t is not currently considering valuable artifacts coming from wtmp. Files on Linux systems. Introduction to those files let's see what wikipedia. File keeps track of the. Current login state of each user. File records all logins and logouts history. Is found i...
blog.digital-forensics.it
ZENA FORENSICS: May 2015
http://blog.digital-forensics.it/2015_05_01_archive.html
Thursday, May 21, 2015. In my own vocabulary, undesxing. Is the action of decrypting something encrypted with the Microsoft version of the DESX algorithm: a bit obfuscated title but I liked to make a scenographic use of it. Is a variant of the Data Encryption Standard in that a XOR step is added to the plaintext before and after the encryption: you can find a description on wikipedia. So, what is the issue with it? Let me provide the context. The Windows Local Security Authority ( LSA. Lsass processes co...
blog.digital-forensics.it
ZENA FORENSICS: March 2014
http://blog.digital-forensics.it/2014_03_01_archive.html
Friday, March 28, 2014. I must admit I did not expect so many acknowledgments by writing the volatility mimikatz plugin. I want to say thanks to all people that tweeted, emailed - and so on - me: it is just a piece of the puzzle, and the big pieces are those from volatility. First, I want to say thanks to Andrew Case. For the support and for having tweeted about the plugin: probably all those acks. Are because Andrew is an uber-well-known DFIR expert! Then I want to say thanks to Kristinn Gudjonsson.