A lot of sniffers, rootkits, botnets, backdoor shells and malwares are still on the wild today, which are used by malicious attackers after successfully pawning a certain server or any live network in order to maintain their access, elevate their access privilege, and spy other users in a network. […]
This article is in continuation of Part 1 of the series on Ghost USB Honeypot. Malware threats have become very common these days and hence the need of honeypots to detect those malwares have become equally important. In the last few years, we have seen how USB based malwares […]
A few weeks ago, I happened to read an article from pir8geek.com (a blog about Linux goodies and tips) about a new tool which is very useful to system administrators and users for monitoring their files, folders, configurations, backups, scripts and directories in Windows, Linux, FreeBSD, Mac OS, and […]
Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been unleashed and its alpha […]
In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]
In the first part of this article, we discussed the techniques to read iTunes backups. The following article discloses the procedure to extract protection class keys from the Backup Keybag and covers the techniques & the tools to decrypt the protected backup files and the encrypted backups.
Data protection mechanism […]
A backdoor shell can be a PHP, ASP, JSP, etc. piece of code which can be uploaded on a site to gain or retain access and some privileges on a website. Once uploaded, it allows the attacker to execute commands through the shell_exec () function, upload/delete/modify/download files from the […]
iPhone forensics can be performed on the backups made by iTunes or directly on the live device. This Previous article on iPhone forensics detailed the forensic techniques and the technical challenges involved in performing live device forensics. Forensic analysis on a live device reboots the phone and may alter […]
iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.
iPhone 4 GSM model with iOS 5 is used for forensics.
Extracting data […]
Digital forensics is one of the most interesting and exciting fields of information security that you can ever be fortunate enough to work in, but not for the reasons you might expect. To those who have never been involved in an investigation, sorry to disappoint, it’s nothing like the […]
In my last article, we’d discussed the most important ways in which a rootkit enters a system and subsequently masks its presence so it isn’t detected. We’d also looked at two popular rootkit detectors in Tuluka and Gmer, and discussed what rootkit masking techniques they are able to identify […]
I was showing off a trick to export Firefox SQLite tables to a spread sheet, and while she is a forensics person, she had never ever heard of this trick. It is neat enough to know when working off an image to pull the entire history of a Firefox […]
A rootkit is a piece of software that is written by someone, who at the very least, wants to spy on specific system calls made by an application, for some purpose. It’ll usually hide itself from normal directory and process listings made either by native OS tools, or third […]
There is this misconception that iPhones are protected by the iPhone passcode. This may be true for non-jailbroken iPhones, but not for jailbroken ones.
It is possible to have root access to the iPhone file system using tools from libimobiledevice.org, even when the locked jailbroken iPhone is protected by the […]
Lets pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident response.
First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the […]
SSL and network monitoring aren’t the most compatible of partners – even with the most sophisticated detection infrastructure in the world, you’ll not derive many useful indicators from the barren randomness of encrypted traffic. Consider the plight of the Sguil sensor shown below:
The webserver’s use of SSL means that […]
NEWSFLASH: AnyTown Local News reports this Monday morning that the recent spate of office break-ins has continued with a weekend raid on the downtown branch office of HugeMegaCorp. In a statement, HugeMegaCorp said that “when staff arrived at the office on Monday morning, two laptops and a router were […]
This analysis comes in handy in computer forensics cases such as porn or child pornography investigations. This video shows how to search through hundreds of thousands of images on a hard drive and find only those with human flesh tones in them. We also look at Slack/Free Space and […]
This makes sure that the drive is unmounted. It may generate an error if the drive is not mounted,
but that is ok.
mount -o rw /dev/sda1 /media/sda1
This will mount the drive as read/write, while the umask=000 options allows all users to read,
write, and execute files on the media.
This article was part of a talk presented at BSidesChicago.
Whats Up With These Pesky Shells?
Web servers have become one of the main targets of malicious activity and are often a weak point within an organization’s infrastructure. Web application code is often deployed and forgotten or unmaintained by an organization, […]