If you’re reading this article, you have probably heard of a sandbox before. But, in case you haven’t, I’ll provide a quick explanation of what a sandbox really is. It is a technique which we can use to run a possibly malicious program in a safe environment, so it […]
For part one of this series, please click here.
So, in the previous part we saw how we can set up the environment for finding clues and also how to set up Autopsy. The previous part was a bit boring since there was no action at all, just some basic […]
First Responder’s Guide to Computer Forensics – CERT (search for it on Google)
Sometimes out of curiosity you might happen to hack a government computer, and as the adrenaline is pumping, you forget to erase some of the traces you left while making the breach. In short, you are […]
A lot of sniffers, rootkits, botnets, backdoor shells and malware are still in the wild today, used by malicious attackers after successfully pwning a certain server or any live network in order to maintain their access, elevate their privileges, and spy on other users in the network. […]
This article is a continuation of Part 1 of the series on the Ghost USB Honeypot. Malware threats have become very common these days, and hence the need for honeypots to detect that malware has become equally important. In the last few years, we have seen how USB-based malware […]
A few weeks ago, I happened to read an article from pir8geek.com (a blog about Linux goodies and tips) about a new tool which is very useful to system administrators and users for monitoring their files, folders, configurations, backups, scripts and directories in Windows, Linux, FreeBSD, Mac OS, and […]
Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been unleashed and its alpha […]
In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]
In the first part of this article, we discussed the techniques to read iTunes backups. The following article discloses the procedure to extract protection class keys from the Backup Keybag and covers the techniques and tools to decrypt the protected backup files and the encrypted backups.
Data protection mechanism […]
A backdoor shell can be a piece of PHP, ASP, JSP or similar code which can be uploaded to a site to gain or retain access and some privileges on a website. Once uploaded, it allows the attacker to execute commands through the shell_exec() function, upload/delete/modify/download files from the […]
iPhone forensics can be performed on the backups made by iTunes or directly on the live device. The previous article on iPhone forensics detailed the forensic techniques and the technical challenges involved in performing live device forensics. Forensic analysis on a live device reboots the phone and may alter […]
iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.
An iPhone 4 GSM model running iOS 5 is used for the forensics.
Extracting data […]
Digital forensics is one of the most interesting and exciting fields of information security that you can ever be fortunate enough to work in, but not for the reasons you might expect. To those who have never been involved in an investigation, sorry to disappoint, it’s nothing like the […]
In my last article, we discussed the most important ways in which a rootkit enters a system and subsequently masks its presence so it isn’t detected. We also looked at two popular rootkit detectors, Tuluka and Gmer, and discussed which rootkit masking techniques they are able to identify […]
I was showing off a trick to export Firefox SQLite tables to a spreadsheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox […]
A rootkit is a piece of software that is written by someone who, at the very least, wants to spy on specific system calls made by an application, for some purpose. It’ll usually hide itself from normal directory and process listings made either by native OS tools or third […]
There is this misconception that iPhones are protected by the iPhone passcode. This may be true for non-jailbroken iPhones, but not for jailbroken ones.
It is possible to have root access to the iPhone file system using tools from libimobiledevice.org, even when the locked jailbroken iPhone is protected by the […]
Let’s pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident response.
First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the […]
SSL and network monitoring aren’t the most compatible of partners – even with the most sophisticated detection infrastructure in the world, you’ll not derive many useful indicators from the barren randomness of encrypted traffic. Consider the plight of the Sguil sensor shown below:
The webserver’s use of SSL means that […]
NEWSFLASH: AnyTown Local News reports this Monday morning that the recent spate of office break-ins has continued with a weekend raid on the downtown branch office of HugeMegaCorp. In a statement, HugeMegaCorp said that “when staff arrived at the office on Monday morning, two laptops and a router were […]