In this article, I’m going to focus on prefetch files, specifically, their characteristics, structure, points of interest in terms of forensic importance, uses, configuration, forensic value and metadata.
For part one of the series, which discusses the Windows Registry, please visit: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/
For part two of the series, which discusses […]
The SIM (subscriber identity module) is a fundamental component of cellular phones. It is also known as an integrated circuit card (ICC), which is a microcontroller-based access module. It is a physical entity and can be either a subscriber identity module (SIM) or a universal integrated circuit card (UICC). A […]
Grsecurity and Xorg
If we enable the “Disable privileged I/O” feature in the hardened kernel and reboot, we can’t start X server. That’s because Xorg uses privileged I/O operations. We might receive an error like this:
If we would like to use Xorg, we must enable privileged I/O operations. That disables […]
The checksec.sh file is a Bash script used to verify which PaX security features are enabled. The latest version can be downloaded with the wget command:
Let’s take a look at how checksec.sh does what it does. Let’s first run it without any arguments, which will print its help page […]
Configuring PaX with Grsecurity
We’ve already briefly discussed PaX, but now it’s time to describe it in detail. PaX provides the following security enhancements:
Non-executable memory: Sections that do not contain actual program code are marked as non-executable to prevent jumping to an arbitrary location in memory and executing the code from […]
In this tutorial, we’ll talk about how to harden a Linux system to make it more secure. We’ll specifically use Gentoo Linux, but the concepts should be fairly similar in other distributions as well. Since Gentoo Linux is a source distribution (not binary, as most other Linux distributions […]
Error Level Analysis is a forensic method to identify portions of an image with a different level of compression. The technique can be used to determine whether a picture has been digitally modified. To better understand the technique, it is necessary to look more closely at JPEG compression.
JPEG (Joint Photographic Experts […]
Java is a technology that makes it easy to develop distributed applications, which are programs that can be executed by multiple computers across a network, whether it is a local or a wide area network. Java has expanded the Internet’s role from an arena for communications to a network […]
In .NET, unsafe code really means potentially unsafe code, which is code or memory that exists outside the normal boundary. This article digs into the details of legacy C programming pointer implementation in the .NET framework. However, we will seldom need to use pointer types. Unsafe code can access […]
This article outlines the rest of the C++/CLI object-oriented programming features, such as inheritance, interfaces and polymorphism. We’ll cover the various control statements, such as if, while and do-while, as well as the other loops and branching constructs, including the for loop and switch, by applying C++/CLI semantics under a CLR […]
File carving is a process used in computer forensics to extract data from a disk drive or other storage device without the assistance of the file system that originally created the file. It is a method that recovers files from unallocated space without any file system metadata and is used […]
This article illustrates the theory and principles behind C++/CLI programming in a .NET CLR context. We shall investigate the remarkable features of C++/CLI programming, for instance its advantages over the native C++ language in a CLR context. We’ll run through the basic mechanism to create and execute CLR console and […]
For Part I of this series, please visit this page: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/
This article begins with event logs and discusses their headers’ structure and the structure of their building blocks—the headers of the event records. It mentions some open source tools that can parse event logs and briefly explores event logs […]
Learning about artifacts in Windows is crucial for digital forensics examiners, as Windows accounts for most of the traffic in the world (91.8% of traffic comes from computers using Windows as their operating system as of 2013), so examiners will most likely encounter Windows and will have to collect […]
In this article we are going to learn how to configure the ProFTPD service on a CentOS machine. After that we will conduct penetration testing to evaluate the security of the FTP service, and then we will learn the countermeasures for the vulnerabilities found.
Installation and Configuration of FTP Service on CentOS Linux […]
Helix3 is a live CD for doing computer forensic investigation and incident response. It is built on top of Ubuntu and comes in both free and commercial forms. This article will cover working with the free Helix Live CD. You can download the live CD from: https://www.e-fense.com/store/index.php?_a=viewProd&productId=11
I am currently […]
Over the years, we have learned innumerable ways of consuming services across the network, such as Remoting, COM, COM+, MSMQ, Web Services using ASP.NET and DCOM. Every technology has its advantages and disadvantages. This article commences by framing the need for WCF and examining the problems it was intended to […]
This is a continuation of the first article on the SANS Investigative Forensic Toolkit. In this article we will be covering the rest of the tools introduced at the start of the first article.
Maltego is an open source intelligence gathering and forensics tool. It provides a library of transforms for […]
The SANS Investigative Forensic Toolkit (SIFT) is an interesting tool created by the SANS Forensics Team and is available publicly and freely to the whole community. It comes with a set of preconfigured tools to perform digital forensic investigations. It is based on Ubuntu and has a long […]
In this paper I’ll show you how to recover an Android user’s pattern lock. I assume that the technique that I’ll demonstrate can work only on a rooted device. Actually, this article will be based on a problem given in a web-based CTF (Capture the Flag, a computer security […]