A digital forensic investigation generally consists of five major steps:
A brief overview of the various Linux tools available:
There are multiple Linux tools used for imaging and analysis of disks and drives. They also come as several distributions containing all necessary tools to carry out Forensics, e.g. […]
In this article we will see how malware encodes or encrypts the data it exfiltrates from infected machines to the Command and Control server. This is often done using a custom encoding or encryption algorithm.
It is becoming increasingly common these days to see malware using this technique to prevent Security […]
This is our second article in a series on vulnerability assessment of the SNMP service. In the previous article, we learned how to set up an SNMP service on a Linux box (Ubuntu in our case). From this article onwards, we’ll start covering tools that we can use when […]
In this article, we will look in depth at a virus written in Visual Basic. We look at various techniques used by this virus to deter the process of reverse engineering. Each technique is discussed in depth with the help of screenshots and assembly language code with comments.
This is the first article in a series of articles that I am planning to write on vulnerability assessment of the SNMP service. SNMP, the Simple Network Management Protocol, is a protocol for managing devices on an Internet Protocol (IP) network. As the name suggests, it is […]
With the ever-increasing number of malware cases, many newcomers are switching over to analyzing malware and its various aspects. A simple Google search will give you information on how to use various tools, but for a newbie the issue is where to begin rather than grasping the […]
Recent security advisories reveal that web exploit kits like the Blackhole Exploit Kit are responsible for the vast majority of web attacks and malware infections taking place over the World Wide Web. So the question arises: what are these exploit kits that we are talking about? These exploit […]
The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical. However, we will try to stick mostly to logical techniques. By the word ‘logical,’ the technique would mostly involve accessing […]
The point of this article is to lay down the conceptual groundwork for numerous .NET-related topics such as the CLR, CTS, CLS, managed code, JIT compilation, security, assemblies and reflection. You will also understand the relationship between various aspects of the .NET Framework, such as the Common Type System (CTS) and […]
Security is an essential part of .NET applications and should be taken into consideration from the ground up. Security is all about protecting your assets from unauthorized actions. Code Access Security, a concept the .NET Framework introduced to Windows, enables you to control the permissions that individual application […]
1. Analysis Prevention and Memory-Resident Execution
The second part of this document examines the most advanced anti-forensics techniques. The basic idea of “analysis prevention” is that if evidence is never created or generated, it never needs to be deleted, […]
Paraben’s iRecovery Stick is a USB flash drive designed to recover deleted data from Apple iOS devices like the iPhone, iPad and iPod touch. The product allows investigators to recover data either directly from the device or from iTunes back-up files. It is designed to support all iOS versions […]
This document is a general summary of the techniques most widely used today to hide, or make unrecoverable, the digital tracks of a crime on magnetic media. The practice of collecting as much information and documentation as possible about a crime, computer-related or not, falls under the name of […]
We all love messaging and using IMs on our smartphones to stay in touch with our friends and family. We use various mobile apps like WhatsApp to IM without having to pay for SMS, and this led to the popularity of this famous app. WhatsApp is a cross-platform mobile […]
First Responder’s Guide to Computer Forensics – CERT (search for it on Google)
Sometimes out of curiosity you might happen to hack a government computer, and with the adrenaline pumping, you forget to erase some of the traces you left while making the breach. In short, you are […]
Yes, you read the title right, and I hope I just grabbed your attention! A new GNU/Linux distribution, or distro, designed to help you with every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs has just been unleashed, and its alpha […]
In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]
iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.
iPhone 4 GSM model with iOS 5 is used for forensics.
Extracting data […]
Let’s pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except now we are doing incident response.
First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the […]
This analysis comes in handy in computer forensics cases such as porn or child pornography investigations. This video shows how to search through hundreds of thousands of images on a hard drive and find only those with human flesh tones in them. We also look at Slack/Free Space and […]