Forensic Magazine
Blogs

The Lead

How do you 'do' analysis?

March 2, 2015 | by Harlan Carvey

This post is about employing various data sources and analysis techniques, and pivoting in order to add context and achieve a greater level of detail in your analysis.

Has the smartphone finally outsmarted us?

February 26, 2015 8:20 am | by Heather Mahalik

I can honestly say that the most common question I am asked by examiners, investigators, students and even my neighbors is, "which phone is the most secure?" Some want to secure their own device, and others, like myself, want to prove everyone in DFIR wrong by cracking into the toughest and most secure devices.  

Ennui: Have We Grown Weary of e-Discovery?

February 24, 2015 12:41 pm | by Craig Ball

We are bored with e-discovery. It hasn’t gone away, as some foolishly imagined it might. Most have endured rather than embraced e-discovery. The level of discourse about sources and process isn’t much higher than it was a decade ago despite the ascendency of social networking, cloud computing and mobile devices.

How the 'Great SIM Heist' Could Have Been Avoided

February 23, 2015 3:28 pm | by Paul Ducklin

But there's a more interesting angle to zoom in on, namely, "What is it about SIM cards that made this possible?"

The Dark Web: Anarchy, Law, Freedom and Anonymity

February 20, 2015 10:19 am | by Mark Stockley

The Deep Web, the bit of the World Wide Web that's not indexed by search engines like Google and Bing, is of intense interest to people who want to avoid government spies and law enforcement.

The Rise in State Tax Refund Fraud

February 18, 2015 2:11 pm | by Brian Krebs

Scam artists stole billions of dollars last year from the U.S. Treasury by filing phony federal tax refund requests on millions of Americans. But as Uncle Sam has made this type of fraud harder for thieves to profit from, the crooks have massively shifted their focus to conducting refund fraud at the state level.

IR Tools

February 13, 2015 2:53 pm | by Harlan Carvey

Microsoft recently released an update (KB 3004375) that allows certain versions of the Windows OS to record command line options, if Process Tracking is enabled, in the Windows Event Log. Microsoft also recently upgraded Sysmon to version 2.0, with some interesting new capabilities.

OSXCollector - Automated Forensic Evidence Collection & Analysis for OS X

February 12, 2015 12:08 pm | by Thu Pham

A recent Duo Tech Talk featured Ivan Leichtling of Yelp, the company behind the website and mobile app that publishes crowd-sourced reviews about local businesses. Ivan led a talk at Duo on OSXCollector, an open source forensic evidence collection and analysis toolkit for OS X developed in-house at Yelp.

Process Hollowing Meets Cuckoo Sandbox

February 9, 2015 1:51 pm | by Corey Harrell

Process hollowing (a.k.a. process replacement) is a technique malware uses to overwrite a running process with a malicious code. To me it's the technical equivalent of those alien body snatchers. This post explores process hollowing techniques using the Cuckoo Sandbox.

NIST Framework: Is It a Success?

February 5, 2015 1:44 pm | by Eric Chabrow

Members of a Senate committee, at a February 4 hearing, received anecdotal evidence of how the National Institute of Standards and Technology's cybersecurity framework is helping businesses with risk management.

How HSTS 'Supercookies' Make You Choose between Privacy or Security

February 2, 2015 2:53 pm | by Mark Stockley

Overall, cookies are a satisfactory way to handle tracking online. They're simple, reliable, useful, proven, easy to understand, easy for vendors to implement, and easy for users to control. And that's exactly why people who are really serious about tracking you online don't rely on cookies.

Army Research Lab Releases Dshell Forensics Framework

January 30, 2015 11:50 am | by Dennis Fisher

The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time.

FBI: Businesses Lost $215M to Email Scams

January 29, 2015 8:11 am | by Brian Krebs

According to a recent alert from the FBI, cyber thieves stole nearly $215 million from businesses in the last 14 months using a scam that starts when business executives or employees have their email accounts hijacked.

Gas Stations Urged to Secure Internet-exposed Fuel Tank Devices

January 27, 2015 11:52 am | by Kelly Jackson Higgins

Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.

Adobe Investigating New Flash Zero-Day Spotted in Crimeware Kit

January 22, 2015 12:12 pm | by Kelly Jackson Higgins

Prolific researcher Kafeine today called for Windows users to disable Adobe Flash Player in the wake of his discovery of an exploit for a previously unknown Flash flaw being packaged with a notorious crimeware kit.

How Was Your Credit Card Stolen?

January 22, 2015 11:44 am | by Brian Krebs

Almost once a week, I receive an email from a reader who has suffered credit card fraud and is seeking help figuring out which hacked merchant was responsible. I generally reply that this is a fruitless pursuit, and instead encourage readers to keep a close eye on their card statements and report any fraud.
