4n6k.com
4n6k: Forensic FOSS: 4n6k_volatility_installer.sh - Install Volatility For Linux Automatically
http://www.4n6k.com/2014/08/forensic-foss-4n6kvolatilityinstallersh.html
Tuesday, August 26, 2014. Forensic FOSS: 4n6k volatility installer.sh - Install Volatility For Linux Automatically. These posts will consist of open source software for use in everyday forensic investigations. Of this project by @wzod. 4n6k volatility installer.sh. Is a bash script that installs Volatility 2.4 (and all dependencies) for Ubuntu Linux with one command. Why Do I Need It? An internet connection and an APT-based Linux distribution [for the time being]. This script has been tested on stock...
4n6k.com
4n6k: September 2011
http://www.4n6k.com/2011_09_01_archive.html
Wednesday, September 28, 2011. Forensics Quickie: Mounting Split .vmdk. These posts will consist of small tidbits of useful information that can be explained very succinctly. You're tasked with examining a VMware virtual disk. On your way to acquire the .vmdk file, you notice that there's not one, but several .vmdk files. A split VM! You know FTK Imager supports mounting .vmdk, so you go ahead and attempt to mount it. But.it only accepts one .vmdk file! For spurring this topic. Links to this post. Jump L...
4n6k.com
4n6k: May 2013
http://www.4n6k.com/2013_05_01_archive.html
Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it a ll,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...
4n6k.com
4n6k: About
http://www.4n6k.com/p/about.html
TL;DR: I enjoy doing research and writing about it. More details on LinkedIn. I've taken up the task of learning as much as possible about digital forensics on my own time. My particular focus and interest lie within behavioral analysis of user activity/malware artifacts. Discovering the process by which a user interacts with a computer could be a key determinant in the prosecution or defense of a guilty or innocent individual - I'd say that's a pretty big deal, wouldn't you? Add me on LinkedIn. Registry...
4n6k.com
4n6k: Posts
http://www.4n6k.com/p/forensic-posts.html
Shellbags Forensics: Addressing a Misconception. Interpretation, step-by-step testing, new findings, and more). Timelines, interpretation, testing, and more). Jump List Forensics: AppIDs Part 1. Jump List Forensics: AppIDs Part 2. Jump List Forensics: AppID Master List (400 AppIDs). Forensics Quickie: PowerShell Versions and the Registry. Forensics Quickie: NTUSER.DAT Analysis (SANS CEIC 2015 Challenge #1 Write-Up). Forensics Quickie: Merging VMDKs and Delta/Snapshot Files (2 Solutions). Possible Unknown...
4n6k.com
4n6k: January 2012
http://www.4n6k.com/2012_01_01_archive.html
Sunday, January 8, 2012. Forensics Quickie: Recovering Deleted Files With Scalpel (.CR2 Photos). These posts will consist of small tidbits of useful information that can be explained very succinctly. SD card was accidentally formatted; RAW photos in .cr2 format from a Canon Rebel T3 needed to be recovered. Boot up a Linux VM (I chose Ubuntu) and install Scalpel with:. Sudo apt-get install scalpel. Check to see if the required filetype signature is supported by Scalpel by default :. Links to this post.
4n6k.com
4n6k: UserAssist Forensics (timelines, interpretation, testing, & more)
http://www.4n6k.com/2013/05/userassist-forensics-timelines.html
Tuesday, May 14, 2013. UserAssist Forensics (timelines, interpretation, testing, and more). Everything I've learned on the subject of digital forensics has been a direct result of both experience and reading forensics books, blogs, and list-serv responses written by people like Ken Pryor, Harlan Carvey, Eoghan Casey, Chad Gough,. Before I get into the bulk of it a ll,. Let me note that UserAssist artifacts are nothing new. Didier Stevens. Each count subkey contains ROT-13 encoded values; each value is a ...
easymetadata.com
Links – EasyMetaData
http://www.easymetadata.com/links
Powerful access to data. Forensic & DFIR Resources. 45; Forensic & DFIR Resources. 45; RRTX Blog! Binary foray Blog - Home of ShellBag Explorer Registry Explorer. Computer Forensics at Champlain College Blog. Hacking Exposed Computer Forensics Blog by David Cowen. Http:/ cheeky4n6monkey.blogspot.com/. Https:/ davidkoepi.wordpress.com/. Nibble on dav nads. The Forensic Lunch - Learn Forensics with David Cowen (video podcast). Computer Forensics - Software. Nibble on dav nads. SIFT Workstation by SANS.
siliconblade.blogspot.com
What's in your silicon?: Finding Call Reference Hooks in Mac Memory
http://siliconblade.blogspot.com/2014/11/finding-call-reference-hooks-in-mac.html
What's in your silicon? Saturday, November 15, 2014. Finding Call Reference Hooks in Mac Memory. In this blog post the call reference to the function vnode pagein in the function ps read file will be modified to show a call reference modification and and a Volatility Framework plugin to detect this type of hooking will be presented. Find a location to potentially inject the code, in this case 0xffffff7f89dba6e5. Get address for the kernel extension (kext) list. While kmod.is valid():. Txt data end = 0.
SOCIAL ENGAGEMENT