Last Virtual Course in Computer Forensics of 2023. (My book Fundamentals of Digital Forensics free of charge). Sundays 8, 15, 22 and 29 October. From 9:00 am to 12:00 pm (UTC -05:00). #cybersecurity #hacking #readteam #bugbounty #forensics #osint Information: https://www.reydes.com/d/?q=Curso_de_Informatica_Forense
Students from the National Autonomous University of Mexico developed Tequila OS 2.0, the first Linux distribution in Latin America, specializing in performing forensic analysis in Spanish.
Caribbean Parrots Are Remnants Of A Millennial Scale Extinction | Florida Museum USFWS #forensics | PNAS
by @GrrlScientist via Forbes Science / Forbes
#SciComm #parrots #ornithology #genetics #paleontology #archaeology #museums #biodiversity https://www.forbes.com/sites/grrlscientist/2023/09/27/caribbean-parrots-are-remnants-of-a-millennial-scale-extinction/
Passed the presentation and answering of questions of my bachelor thesis! Got a 1.0 (German grading scale) which is the best possible. I now officially earned my degree as Bachelor of Engineering in "Forensic Engineering" being 44 years old.
4 years of blood, sweat and tears studying while in a full time job are finally over. Time for the bottle of beer I had kept in the fridge for this exact moment! Cheers everybody!
#Forensics: identifying the dead after flood or flames
hashlookup-forensic-analyser version 1.3 has been released - including Bloom filter improvements and bugs fixed. You can now specify the hash algorithm used for the Bloom filter sets.
hashlookup-forensic-analyser analyses a forensic target (such as a directory) to find and report files found and not found from CIRCL hashlookup public service.
🔗 Source code - https://github.com/hashlookup/hashlookup-forensic-analyser
🔗 Release notes - https://github.com/hashlookup/hashlookup-forensic-analyser/releases/tag/v1.3
1) Extract email safely: extract-msg --save-header <mail.msg>
2) Check from/received (gateway)
3) Check IP reputation
4) Check SPF/DMARC/DKIM with https://github.com/sthierolf/network-automation-scripts/blob/master/dds-quick-test.py
5) Check IP/domain actually belongs to the sender!
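Steps 2 to 5 of the checklist above, as an added example that is not part of the original post: a Python script that parses a constructed message's Received chain and Authentication-Results offline and flags a From: domain that neither SPF nor DKIM vouched for. The gateway name, domains and IP addresses are assumed placeholders; the IP reputation lookup (step 3) is left out because it needs a network query.

```python
"""Offline triage of a suspicious e-mail's headers (steps 2-5 above): walk the
Received chain for the IP that handed the message to our gateway, read the
gateway's Authentication-Results, and check that the From: domain is one that
SPF or DKIM actually vouched for.  Sample, domains and IPs are constructed."""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample: gateway mx.example.net got the mail from 203.0.113.7
# (documentation range); SPF passes for a look-alike domain, DKIM is signed by
# a third-party bulk mailer, DMARC fails for the From: domain.
SAMPLE_RAW = """\
Received: from mx.example.net (localhost [127.0.0.1])
\tby mx.example.net with ESMTP id ABC123; Mon, 2 Oct 2023 09:12:01 +0000
Received: from mail.examp1e-corp.com (mail.examp1e-corp.com [203.0.113.7])
\tby mx.example.net with ESMTPS id DEF456; Mon, 2 Oct 2023 09:12:00 +0000
Authentication-Results: mx.example.net;
\tspf=pass smtp.mailfrom=examp1e-corp.com;
\tdkim=pass header.d=bulkmailer.example;
\tdmarc=fail header.from=example-corp.com
From: "Accounts" <invoices@example-corp.com>
To: victim@example.net
Subject: Invoice overdue

Please see attached.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"(spf|dkim|dmarc)=(\w+)"
                     r"(?:[^;]*?(?:mailfrom|header\.d|header\.from)=([\w.-]+))?")


def parse(raw):
    return email.message_from_string(raw, policy=policy.default)


def received_hops(msg):
    """(from_host, ip, by_host) per Received header, newest (top) first."""
    hops = []
    for rcv in msg.get_all("Received", []):
        text = " ".join(rcv.split())  # unfold and squeeze whitespace
        m = re.match(r"from (\S+).*? by (\S+)", text)
        ip = IP_RE.search(text)
        hops.append((m.group(1) if m else None, ip.group(1) if ip else None,
                     m.group(2) if m else None))
    return hops


def gateway_source_ip(msg, gateway):
    """IP of the external host that handed the mail to our gateway: the first
    hop received 'by' the gateway whose source is not the gateway itself."""
    for from_host, ip, by_host in received_hops(msg):
        if by_host == gateway and from_host != gateway and ip:
            return ip
    return None


def auth_results(msg):
    """{'spf': ('pass', 'examp1e-corp.com'), ...} from Authentication-Results."""
    out = {}
    for ar in msg.get_all("Authentication-Results", []):
        for mech, result, dom in AUTH_RE.findall(" ".join(ar.split())):
            out[mech] = (result, dom or None)
    return out


def sender_consistency(msg, gateway):
    """Step 5: is the From: domain one that SPF or DKIM actually vouched for?"""
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    ar = auth_results(msg)
    vouched = {ar[m][1].lower() for m in ("spf", "dkim")
               if ar.get(m, (None, None))[1]}
    return {"from_domain": from_domain, "source_ip": gateway_source_ip(msg, gateway),
            "spf": ar.get("spf"), "dkim": ar.get("dkim"), "dmarc": ar.get("dmarc"),
            "aligned": from_domain in vouched}
```

A look-alike SPF domain with a passing result, as in the sample, is exactly the case step 5 is there to catch: the IP is authorised, just not for the domain the recipient sees.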
Yesterday I had a pretty cool scenario-based forensics questions that involve a bit of deduction and analysis. It was a cool debate and I learned a new tool as well :-)
I really enjoyed that so I made a few questions myself to sprinkle in between my regular toots for sh1ts and Giggles.
An incident responder finds a file named "samdump.txt". What type of information is he likely expecting to find in it?
Unearth the #Cairo Toe! 🦶 Dating back to 950-710 BCE, this wooden prosthetic toe from ancient #Egypt, now in the British Museum, reflects remarkable innovation. More than art, it's functional, enhancing mobility. A testament to resilience through the ages.
#prosthetics #prosthesis #culturalheritage #archaeology #anthropology #bonehealth #biomaterials #ancientegypt #surgery #forensicscience #forensics #historyunveiled #innovation #sciart #qualityoflife #britishmuseum #history #engineering
After having my day off yesterday I entered office today, started my lab computer and... nothing.
The box didn't start at all. Maybe it's the PSU or mainboard itself. A great way to start the week.
Now I have to spend 1-3 days to find out where it was ordered by purchasing department, another 2-3 days to get them start the warranty process and 2-6 weeks until I have a working computer back.
In the meantime I'll be working through RDP on our big server. yuk.
"Identification of (malicious) modifications in memory-mapped image files" by Frank Block
I’m happy to announce the publication of the paper Windows memory forensics: Identification of (malicious) modifications in memory-mapped image files at this years DFRWS USA, and the release of the corresponding plugin. With this research came also an update to the Ptenum family (affecting espe…
Fun investigation fact for today: In the early '90s I once got reasonable grounds for a search warrant and an arrest based on the lexical punctuation analysis of a speech synthesis output used as a death threat, matched against the suspect's previously recorded typed communication patterns.
That remains some of my favourite forensic work to this day.
Now there's this nonsense.
📢 We're looking for a new colleague in #Cybersecurity to join us at #UniBayreuth on a tenure track position! 🤩 Deadline September 30. Please share. Details here: https://www.uni-bayreuth.de/junior-professor-of-cybersecurity-salary-grade-w1-with-tenure-track-to-w3-cb59c2f254e1f6b6
#professorship #tenuretrack #security #privacy #cryptography #forensics
How to recover data from a failed #sandisk Extreme SSD drive*. The data appears to remain on the drive though it is not available through the OS. Do not format or otherwise modify the disk prior to recovery.
First make sure you have empty storage greater than two times the size of the #sandisk drive.
Remember advertised drive size may not exactly translate across manufacturers. For example, a 1TB #sandisk SSD drive may not fit on a formatted 1TB hard drive.
1. Image the drive using DD or FTK Imager. If you use FTK Imager select DD as the output format. Set the image fragment to 0 to make a single output image file. After the image is made rename the output file to have a DD extension rather than 001.
When you load the drive into Windows it will appear empty due to the firmware bug. Ignore that, the imaging software will grab the drive contents directly.
2. Load the image file into PhotoRec data recovery tool and select free search to search the entire drive. Export the recovered files to the free drive.
The files will not remain in the same folder structure, but at least the files are recovered.
The recovery process will take hours to go through all the sectors on the entire disk image.
FTK Imager: https://www.exterro.com/ftk-imager
Digital #Forensics Incident Response and Detection engineering https://github.com/adrianlois/DFIR-Detection-Engineering
Open-source digital #forensics and incident response
Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple endpoints simultaneously.
Persistently gather events from endpoints, including event logs, file changes, and process activities. Store these events centrally for an unlimited period, allowing for historical examination and analysis.
Be proactive rather than reactive. You can use a collection of forensic artifacts to actively hunt for questionable activities and tailor the search to meet your unique threat detection requirements.
Anyone perform root cause analysis on the drive loss?
Is it as simple as a corrupt $MFT and the remaining sectors are fine, or is the entire drive contents gone due to hardware issue?
This weekend I'll try and carve out the data to see if I can find anything, but I am not hopeful.
As Seen w/#IMSIcatchers (aka #Stingrays, DRTBOX), Cellebrite Asks For Silence In The Courts...
After all, true challenge / discovery in court ("fair trial") could threaten more important things... shareholder profits, intel / access
Working on a little paper at the moment.
If you've decided to reduce forensic science work for CJS, or have battled to achieve compliance with the new FSR Code - I'd love to hear from you.
If your insurers have discussed it with you, what did they say?
If you can carry on as you are, without compliance, I'd love to hear how you're doing it.
Please comment or message me. All confidential. No direct quotes will be published.
First day at work after a week off.
Had approx. 1hr of sleep last night.
Got punched in the face by the 30°C heat inside the office when I opened the door at 6am.
That's how a Monday has to start. Better I head home at noon.
Axiom doesn't need me to be at the office to crash while processing evidence.
With less than seven weeks to go until QED 2023, we are delighted to add two more speakers to our main-stage lineup: human behaviour specialist Dr Kirsty Sedgman, and forensic anthropologist and decomposition expert Professor Anna Williams.
Tracking Down a Suspect through Cell Phone Records
Interesting forensics in connection with a serial killer arrest:
Investigators went through phone records collected from both midtown ... https://www.schneier.com/blog/archives/2023/07/tracking-down-a-suspect-through-cell-phone-records.html
“Nilo was first arrested in May in connection with several decades-old rapes in Boston. He was identified using forensic genetic genealogy.
After Nilo was identified as a person of interest, he was put under surveillance by law enforcement and the FBI was able to obtain various utensils and drinking glasses that they saw Nilo use at a corporate event…” #forensics #genealogy #fbi #dna
Another small #RaspberryPi project. #DFIR #Forensics https://bakerstreetforensics.com/2023/07/01/raspberry-pi-forensics-hacking-gadget/ Raspberry Pi Forensics Hacking Gadget
Hey, all. This one is to help a friend. An abuser in her life opened a number of Google and other accounts in her name. We're already getting law enforcement involved. We want to take a forensic copy of the phone before we factory reset it. Any software recommendations?
While collecting the evidence in 2023 we (Marco Lux & Pedro Umbelino) recognized the ESXi attack by a random #ransomware group. We decided it is time to publish our results which culminated in CVE-2023-29552 #vuln #forensics ( via John Kristoff )
Interestingly, #internet search engines like @shodan are still missing SLP in their collection, which is a pity. #ddos #systems #devices #products #services #tools #routers #management #cyber #printers #daemons #hypervisors #networks #threats #informatique
These people are my absolute heroes.
This is what an accountability ecosystem looks like.
💀Help solve this mystery!
Twenty five years ago, a small cardboard box was found on the side of a road in Norcross, Georgia. It held the partial skeletal remains of two children.
A note on the box read, “attention police, my bones were legally exhumed from South Georgia, please return them to their proper repose.”
The Gwinnett County Medical Examiner analyzed the bones and determined them to belong to a baby around one year old and a teenager between 12-15 years old. Oddly, the two are not related to each other.
The box also contained fragments of casket hardware. They were dated to somewhere between the 1900s and 1940s, which is consistent with the age of the bones. The children were likely buried sometime within that period.
Unfortunately, they were unable to identify the children, so they’ve been kept at the ME’s office pending new information and technological advances.
That day may soon be here! Gwinnett County ME has partnered with Othman Labs to perform extensive genetic genealogy tests on the remains and establish family trees. Hopefully they’ll be able to identify relatives and discover someone who will name and claim these poor children.
Here’s where YOU come in.
There is little funding for pursuing cold cases like these. Gwinnett County ME has resorted to crowdfunding in order to pay the private lab for their supplies & research.
Are you able to contribute? Each child needs about $7500 raised to conduct the necessary investigations. Even a small amount donated gets them closer to being named & laid to rest.
If you’re unable to contribute financially, will you at least help spread the word? SHARE with folks in the funeral profession, true crime aficionados, supporters of children’s causes, or anyone else you think might be touched by this case.
Every body deserves a name.
Every body deserves to rest in peace.
@filippo is a wonderful follow. I’m grateful for him making this.
Also for some reason seeing it laid out like this made me think of them like they are the equivalent of the Linux Rules of Acquisition
“It is not like you see on TV, where somebody discovers somebody is innocent, and the next day they get out.”
Staff Writer Michelle Pitcher reports on a second big victory for the team that's fighting false convictions caused by bad #forensics in #Austin:
We got any bone or #forensics experts on the Fediverse? This piece I found near a beach looks suspiciously human? I have left it in situ but am contemplating turning it over to gardaí with GPS coords?
Here's a quick post about the practice of media archaeology and a piece of the history of a prominent #BBS.
The @mediaarchaeologylab has a box that was donated that used to be the controller for a BBS called The Thing. It ran DOS and had a physical telephone line adapter called an IPAD (not to be confused with the Apple device) that allowed up to 16 people at a time to dial in to the BBS, which was running a commercial BBS software called TBBS.
This BBS was and still remains an important piece of the history of BBSes, because it was mainly populated by artists based in New York in the late 90s. There is still a website (https://thing.net/) though it looks like it hasn't been updated in a while.
I've been trying to get this box online for a while - since the Before Times - but the hard drive (a whopping 425MB) has been...uncooperative. I've previously tried to use a number of IDE interface tools to mount the drive or image it, but the platters seem not to like it very much.
Well, yesterday I brought in a device that I've owned for years but never used. It's called a Logicube Forensic MD5. It's a standalone device designed to create forensically-valid clones of hard drives and their files for law enforcement investigators that they can use to demonstrate chain of custody. This model was designed for IDE/ATA hard drives, the generation this DOS box used. I've had it in a storage closet for going on 20 years and decided to bust it out.
And you know what? This thing WORKS GREAT. It made a drive image using onboard dd which I was able to mount in other tools. It did this in minutes. From what it looks like, the entire filesystem is intact. Not only was it loaded with an unreleased beta version of the IPAD software, it seems to have a lot of BBS files stored on it that bear scrutiny. The system seems to have last booted up in 1998, so many of these files haven't seen the light of day in nearly a quarter century.
And now...the real work begins on looking through those files to see what we can learn about this important piece of history.
Hey #DFIR community, does anyone have any experience doing LINUX memory forensics without using Volatility?
I don't mean manually carving through /proc or using EDR tools, I mean if someone shipped you an Evidence.lime sample and you couldn't use Volatility, is there a solution? #linux #forensics #incidentrerponse #cybersecurity #infosec
Lubbock Heart and Surgical Hospital sued for breach where no one knows for sure whether data was accessed or acquired: https://www.databreaches.net/lubbock-heart-and-surgical-hospital-sued-for-breach-where-no-one-knows-for-sure-whether-data-was-accessed-or-acquired/
A new CSI style #forensic chemistry paper to start the week. Hand-held analytical instruments such as #Fourier transform infrared and #Raman #spectroscopy are useful for taking samples in the field but lack sensitivity.
Free access via https://authors.elsevier.com/c/1geA68nCdJ744-
Hello! Let's get my #introduction going here.
Professionally right now I work as an SME in a #PenTesting group for a regulatory company, but it's really not my bag of tea in the long run. That I can feel. I much prefer to be in an investigatory and tool-making field for something related to #DFIR. I was especially happy doing #ReverseEngineering of #malware.
I'm into reverse engineering, assembly languages like #IA32 and recently #ARM / #ARM64, programming (old classics like C/C++ / #Python but learning the newer stuff like #RustLang ), big into #forensics, #RasPi and #Arduino projects and such.
Still trying to figure out what I am career wise, though, like job title and such! It's all great fun to me, just haven't found the direct niche to sink into.
Hobby wise, I'm also really into #GuildWars2! Long time gamer at heart.
Diligent Corp. had to send more notifications after learning, the hard way, that a May 2022 hacking incident was even bigger than they had discovered: data that they hadn't thought had been accessed had been accessed and exfiltrated, and was now appearing on the internet.
So on Samsung Android devices, there are a few of their system apps that keep detailed logs of app usage, times, and lists of all deleted apps in SQLite databases.
- Samsung Context Log:
- Samsung Smart Manager:
- Samsung Members:
Otherwise, bookmark this website and keep checking back: https://www.rigb.org/christmas-lectures/watch-royal-institution-christmas-lectures-archive
And meanwhile, watch some of the other excellent series. We are particularly fond of 2018. Have watched hundreds of times with niece!
Last week I traveled to the home of a deceased person and unlocked their computer in the presence of the executor of the estate. Among other things, I exported the email contacts so the list could be used to notify friends of the death, and details of the memorial service.
The deceased was a man who lived alone and died alone. One thing in particular brought home the fragility of life. He was using his computer at 3:19 pm. Sometime shortly after that he went into medical distress, and never touched his computer again.
Let people know you love them.
Allow yourself to be loved.
#introduction when the database crashed I lost some followers, but because I hadn't backed up my account yet, I am not sure who they all are. As an extended introduction I'll tag some common topics I like to discuss, maybe people will see those.
#bayes #bayesian #statistics #appliedmathematics #ipv6 #bufferbloat #quarto #openscience #agentbasedmodels #julialang #economics #biology #molecularbiology #ecology #forensics #engineering
I'm beginning a new job next year as a L3 SOC analyst and I'm looking for learning resources.
I've begun reading "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software". "Mastering Malware Analysis" has also been recommended to me.
I will gladly accept any advice or recommendations to get started 😁
I like comedy, dark humour, *brainy* programming, lots of podcasts - particularly the unexplained or science types.
Prefer audio to TV.
Douglas Adams, Oliver Postgate, Ray Harryhausen 🙏
I like Cycling, Blyth Spartans & Detroit Lions (gloryhunter 🤣)
Posts will mostly be photographs and humour or sporty gibberish
I'm Scott. I live in Louisville, Kentucky USA. My job is helping people deploy, manage, and use network detection and response tools. For the past 10 years I've been a part of the network security monitoring and network forensics community (design/engineering/management/support), and the 20+ years before that doing IT operations management and monitoring. I'm also a Papaw that enjoys sedentary Papaw hobbies like tabletop role-playing games, model railroads, and making the beep boops on synthesizers and sequencers.
A try at my #introduction in English...
First a few keywords: #gendarmerie (one of France's national #LawEnforcement) #forensics #malware #botnets #science.
Organizer - together with a great team of volunteers of #Botconf https://www.botconf.eu (The International Botnet & Malware Ecosystems Fighting Conference) @botconf since 2013 & #coriin (conference on incident response and digital investigations).
To know me better, you can find more info in my profile and of course by chatting with me 🗨️ 😀
I'm in the Fediverse since 2019, but never did an #introduction so far:
I insist on a #mechanicalkeyboard.
Word on the street is that I'm supposed to do an #Introduction, so here it is:
Hi, I'm Rob. I started in IT professionally 22 years ago, and jumped into Security not long after. I've bounced around in my #cybersecurity career from #GRC, #incidentresponse, #vulnerabilitymanagement, #forensics, and #redteam. Though I am currently a Senior Security Analyst in the #DFIR space.
Interests include poking around in my #homelab and trying out new technologies, frustratingly playing first person shooters, and always studying legal matters (I wanted to be a lawyer once upon a time).
I am a father, husband, foster caregiver, pet-parent, and tech junkie.
Like a lot of people, I am a twitter refugee and came here with most of the other #security peeps who needed something different.
I'm not much of a poster, but I'm always interested in reading what my fellow #infosec peeps are working on.
Interesting blog post by Blake Regan: "How to create a forensic image of a physical hard drive using FTK Imager"
Now that I'm figuring out the #TwitterMigration a little more, let me make an #introduction. I'm an anthropologist studying human rights and technology. I'm particularly interested in resistance and reimagination.
Here's some of what I do: https://www.wired.com/story/argentina-algorithms-pregnancy-prediction/
Looking forward to (re)connecting!
I’ve worked in information security from the days of Windows 98 and Google priced at $85/share.
Nearly 20 years of DFIR experience supporting government, private sector and academic institutions - from building and protecting secure networks, to defending them, to identifying and responding to compromises, internal and external.
Retired Social Engineer with dozens of un-surrendered ‘get out of jail’ letters.