Note: The following does not represent the opinion of Mark McKinnon. He merely had the good grace to allow me a forum in which to post it after it was respectfully declined (for obvious reasons) by the SANS Institute's Forensic Blog. I wrote it chiefly b…
This information was provided to me by Longshot (just passing this great information along). Decoding the DateCreated and DateLastConnected registry values from the registry keys SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles\{GUID} In Vi…
I know this whole blog has gotten pretty stale as there have not been any posts in a loooong time. Well, I am going to try and remedy that with some good posts in the coming weeks. Well, the Skype log parser, which is my most downloaded tool, has gone thro…
Forensic Focus
This will be the final post in this space. I've retired from the practice. I'll leave this free resource up as an artifact and a reference. So long, and thanks for all the fish.
First of all, I hope this post finds you and yours in good health. I hope that you have enough to eat and have enough resources to meet your basic needs. I know that many folks have been sent home to work, some have even lost their jobs (some temporarily,…
As firms and agencies urge their employees to work from home during the global pandemic, their employees’ confidential phone calls run the risk of being heard by Amazon.com Inc. and Google.
Mishcon de Reya LLP, the U.K. law firm that famously advised Pri…
When creating case reports, I like to use the terms from our discipline as defined in the various standards documents. Here are some of the most popular terms, and their definitions. Saving these here for quick reference.
DEFINITIONS
The following defin…
Here is an overview of content I published in March:
Blog posts: Update: metatool.py Version 0.0.4
SANS ISC Diary entries: Obfuscated Hexadecimal Payload; 1768.py's Experimental Mode; Wireshark 4.2.4 Released; Checking CSV Files
metatool.py is a tool to help with the analysis of Metasploit or Cobalt Strike URLs. I added option -a to provide URLs via the command-line. metatool_V0_0_4.zip (http) MD5: 374B30DD3D92557A7F8DAA97B81CEE0E SHA256: D627AF2462610AE0B8CC5AB2BA0A4325D1386BB06F9…
An overview of what is going on Apple has recently issued an urgent warning to iPhone users across 92 countries, alerting them to the threat of highly sophisticated “mercenary spyware” attacks. This alert marks a concerning escalation in cyber…
In an increasingly digital world, the importance of cyber security cannot be overstated. With each passing year, businesses and organisations face evolving threats that put their sensitive data and operations at risk. The Cyber security breaches surv…
A global panel of Cyber Security professionals has reviewed a record number of Cyber OSPA nominations from around the world, and the list of finalists has been announced. The Cyber OSPAs were launched in 2021 to recognise and reward companies, teams, in…
“If the integrity and legitimacy of the UK’s regulatory system is to be preserved, the findings and recommendations in our report must be addressed by the Government, regulators and Parliament.” – Lord Hollick, Chair of the inquiry…
Telling time in forensic computing can be complicated. User interfaces hide the complexity, usually displaying time stamps in a human readable format, e.g. 2017-05-02 18:36:23. But the time stamp is usually not recorded in this format. Instead, it is r…
Every registered Android mobile device has an associated Google account. Google accounts usually mean Gmail. And, for investigators interested in the Gmail content stored on Androids, that content can be found in the /data/com.google.android.gm/da…
I commonly use adb and fastboot to access Android devices. Ubuntu has packages for those tools making installation easy:
$ sudo apt-get install android-tools-adb android-tools-fastboot
But, in recent months, I have encountered instances where the a…
I decided to bite the bullet and try out Windows 10. I wanted to learn the new operating system and determine if I could run specific software/hardware combinations under the new Windows that I had been running in Windows 7, specifically Riffbox. I happ…
Sploited BLOG