Computer Forensics is the methodical series of procedures and techniques used for procuring evidence from computer systems and storage media. This evidence can then be analyzed for relevant information that is to be presented in a court of law. Computer Forensics has frequently been listed as one of the […]
Data recovery has been needed since man started to write things down. Why? Because what ever medium they tried to store the data on, it has always been susceptible to destruction. From earthquakes versus wall paintings to fire versus the library of Alexandria to head crashes versus your corporate […]
Improper handling of session variables in asp.NET websites is considered a serious threat and opens various doors to malicious hackers. For instance, a session variable could be manipulated in a way to subvert login authentication mechanisms. However, this article illustrates a session fixation bug in a .NET website by […]
This is a small tool that can be used to investigate Skype user accounts stored in your PC. First of all, let’s learn how to investigate data manually. This is a very easy to understand article. I hope you have a basic understanding of SQL. All the data is […]
Malware analysis is not a new topic for security analysts, and all engineers are pretty aware of the process and procedures that need to be followed, which are neatly explained in other articles. I would like to showcase the process by citing an example of the Shylock Trojan.
The Shylock […]
We have not performed any live investigation. This was a part of our university assignment, wherein we assumed the roles of forensics investigator, determining what methods were applicable. You are welcome to come up with your own findings and resolve the case. We attempted to follow the global […]
Introduction to Docker
In this article, we’ll first introduce Docker and try to explain how it works. After setting the stage, we’ll simulate the file upload vulnerability by copying the shell into the Redmine Docker image. This is effectively the same as if an attacker would find and exploit the […]
Android is one of the most open, versatile, and customizable mobile operating systems out there. Android is a Linux-based operating system with market share – 79.70% in smart phones. Android is a software stack for mobile devices that includes an operating system, middleware and key applications.
Android operating system […]
An icon on the Windows desktop represents a directory in which deleted files are temporarily stored. This enables you to retrieve files that you may have accidentally deleted. From time to time, you’ll want to purge the recycle bin to free up space on your hard disk. You can […]
Skype is an application that enables voice and video calls, instant messaging, file transfers, and screen sharing between users. Millions of people download and use Skype everyday for voice and video calling, messaging, sharing and low-cost local and international calls.
If you have a Microphone and Speakers, you can use […]
Honeypots are special programs that are written for a sole purpose: to be exploited. Honeypots can emulate the existence of the vulnerability, so the attackers, viruses and worms are attracted to this system which appears to be poorly secured. The honeypots collect as much information as they can […]
When discussing cloud forensics, we’re actually talking about the intersection between cloud computing and network forensic analysis. Cloud computing basically refers to a network service that we can interact with over the network; this usually means that all the work is done by a server somewhere on the Internet, which […]
Digital forensics is the process of identifying and collecting digital evidence from any medium, while preserving its integrity for examination and reporting. It can be defined as the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and […]
Computer forensics involves the processes of analyzing and evaluating digital data as evidence. It is the analysis of information contained within and created with computer systems and computing devices, typically in the interest of figuring out what happened, when it happened, how it happened, and who was involved. Computer […]
In this article, I’m going to focus on prefetch files, specifically, their characteristics, structure, points of interest in terms of forensic importance, uses, configuration, forensic value and metadata.
For part one of the series, which discusses the Windows Registry, please visit: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/
For part two of the series, which discusses […]
The SIM (subscriber identity module) is a fundamental component of cellular phones. It also known as an integrated circuit card (ICC), which is a microcontroller-based access module. It is a physical entity and can be either a subscriber identity module (SIM) or a universal integrated circuit card (UICC). A […]
Grsecurity and Xorg
If we enable the “Disable privileged I/O” feature in the hardened kernel and reboot, we can’t start X server. That’s because Xorg uses privileged I/O operations. We might receive an error like this:
If we would like to use Xorg, we must enable privileged I/O operations. That disables […]
The checksec.sh file is a Bash script used to verify which PaX security features are enabled. The latest version can be downloaded with the wget command:
Let’s take a look at how checksec.sh does what it does. Let’s first run it without any arguments, which will print its help page […]
Configuring PaX with Grsecurity
We’ve already briefly discussed PaX, but now it’s time to describe it in detail. PaX provides the following security enhancements:
Non-executable memory: Sections that do not contain actual program code are marked as non-executable to prevent jumping to arbitrary location in memory and executing the code from […]
In this tutorial, we’ll talk about how to harden a Linux system to make it more secure. We’ll specifically use Gentoo Linux, but the concepts should be fairly similar in other distributions as well. Since the Gentoo Linux is a source distribution (not binary, as most other Linux distributions […]