In this article, we will look in depth at a virus written in Visual Basic. We look at various techniques used by this virus to deter the process of reverse engineering. Each technique is discussed in depth with the help of screenshots and assembly language code with comments.
Original Entry […]
This is the first article out of a series of articles that I am planning to write on vulnerability assessment of SNMP Service. SNMP – also known as Simple Network Management Protocol. SNMP is a protocol managing devices on Internet Protocol (IP) network. As the name suggests, It is […]
With the ever increasing cases of malware, many of the youngsters are switching over to analyzing malwares and its various aspects. A simple search in Google will give you information on how to use various tools, but for a newbie, the issue where to begin rather than grasping the […]
Recent security advisories reveal that the web exploit kits like the Blackhole Exploit Kit are responsible for the vast majority of web attacks and malware infections taking place over the World Wide Web. So, the question arises what are these exploit kits that we are talking about? These exploit […]
The article tries to cover various Android forensic techniques that can be helpful in a variety of situations. The techniques or discussions below can be either logical or physical. However, we will try to stick mostly to logical techniques. By the word ‘logical,’ the technique would mostly involve accessing […]
The point of this article is to lay down the conceptual groundwork of numerous .NET related topics such as CLR, CTS, CLS, Managed Code, JIT Compilation, Security, Assemblies and Reflection. You will also understand the relationship between various aspect of .NET framework, such as Common Type System (CTS) and […]
Security is an essential part of .NET applications and should be taken into consideration from the grass root level. Security is all about protecting your assets from unauthorized actions. Code Access Security a concept of .NET framework introduced to Windows enables you to control the permissions that individual application […]
For part one, click here
1. – Analysis Prevention and Memory Resident Execution
The second part of this document examines those that are the most advanced techniques regarding to the anti-forensics. The basic idea of “analysis prevention”, is that if evidence is never created or generated, this should not be deleted, […]
Paraben’s iRecovery Stick is a USB flash drive designed to recover deleted data from Apple iOS devices like the iPhone, iPad and iPod touch. The product allows investigators to recover data either directly from the device or from iTunes back-up files. It is designed to support all iOS versions […]
This document is a general summary on the most widely used techniques currently to hide or to make unrecoverable digital tracks of a crime in magnetic media. The practice of collecting as much information and documentation about a crime, computer related or not, falls under the name of […]
We all love messaging and using IMs on our smartphones to stay in touch with our friends and family. We use various mobile apps like WhatsApp to IM without having to pay for SMS and this lead to the popularity of this famous app. WhatsApp is a cross-platform mobile […]
First Responder’s Guide to Computer Forensics – CERT (search for it on Google)
Sometimes out of curiosity you might happen to hack a government computer, and as the adrenaline is working, you forget to erase some of the traces you’ve done while making the breach. In short, you are […]
Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been unleashed and its alpha […]
In the first part of this article, we covered techniques for reading iTunes backups. In the second part of this article, we disclosed the procedure to extract protection class keys from the Backup Keybag and covered the techniques and tools for decrypting the protected backup files and the encrypted […]
iPhone forensics can be performed on the backups made by iTunes (escrow key attack) or directly on the live device. This article explains the technical procedure and the challenges involved in extracting data from the live iPhone.
iPhone 4 GSM model with iOS 5 is used for forensics.
Extracting data […]
Lets pick up where we left off with the rootkit and post-exploitation video (http://www.youtube.com/watch?v=izv1b-BTQFw). Except, we are now doing incident response.
First you’ll see some normal live forensics on the victim and come up with nothing. Then we show how using network forensics techniques (looking at the victim from the […]
This analysis comes in handy in computer forensics cases such as porn or child pornography investigations. This video shows how to search through hundreds of thousands of images on a hard drive and find only those with human flesh tones in them. We also look at Slack/Free Space and […]
Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by Windows operating system and they do not show up in any file directory. Windows generates it’s own ADS files and most P2P […]
Sometimes the best evidence of a network intrusion resides in network or traffic logs. Snort is a well known open-source traffic analysis and network intrusion detection tool. However, using the logs from Snort we can also see how the intrusion happened, rather than just that an intrusion happened.
We’ll use Snort […]
In this video, we will review the wealth of forensic data stored on an iPhone 3Gs using Paraben’s Device Seizure software.
The iPhone is one of the most popular mobile devices on the market and that makes it a popular target for malware developers and data thieves.
Some of the types […]