System Forensics

All your artifacts are belong to us.

Journey into OSX and iOS

I have been pretty busy at the office and I also sort of ran out of blog ideas so I have been slacking on blog posts. I’m going to attempt to remedy all this by starting down a new path, which in this case is OSX and iOS. I don’t have much (any) experience with […]

, ,

Do not fumble the lateral movement

I posted a blog post about Windows Processes and how knowing what’s “normal” can be used to spot malicious processes. You can find the post here: I got quite a bit of positive feedback on that post so I figured I would write a similar one for spotting lateral movement on systems. There are […]

, , , ,

Know your Windows Processes or Die Trying

I have been talking with quite a few people lately tasked with “security” inside their organizations and couldn’t help but notice their lack of understanding when it came to Windows process information. I figured if the people I have talked with don’t understand then there are probably a lot more people that don’t understand. I’m […]

, ,

Build your own NSRL Server

It’s been a long time since I wrote a blog post. I moved to Singapore and started a new job and I simply lost track of time. I couldn’t let the year end without getting at least a few posts up. I promise 2014 will be better as I actually missed blogging this year. This […]

, ,

LastWriteTime and LastAccessTimes via Powershell

I read a blog post by Boe Prox while sitting on the beach in Cebu this past weekend, which oddly enough is the same guy I used to work with about 6+ years ago when I was working for BAE Systems back in Nebraska. Small world, eh? In either case here is the post: Write to an […]

, , , , ,

APTish Attack via Metasploit – Part IV – File System Forensics

Welcome back for the final part of my APTish Attack via Metasploit series. If you haven’t read any of the other posts I suggest you read them so you can get an idea of where we are starting from. You can find them here: Part I, Part II, and Part III Let’s get started…. TIMELINE ANALYSIS: […]

, , , , ,

Browser Artifact Recovery Forensic Framework – BARFF

Hello all, I wanted to take a few minutes and let you know that I am releasing some code I have been working on over the past couple weeks. I blogged awhile back about how I wanted to learn more about Python while also learning about digital forensics. Well, I finally got around to it […]

, , , ,

APTish Attack via Metasploit – Part III – Memory Analysis

INTRO: Some of you might be familiar with GrrCon [1]. I wasn’t until this year. I found out about them after reading a post by the Volatility guys/gals [2]. In the post they discuss how they used volatility to analyze the GrrCon challenge. The write up on the analysis was really good and it goes to show the power of memory forensics. […]

, , , , , ,

Previous Posts

Theme created by Powered by