brandonchecketts.com
Brandon Checketts » Data Recovery
http://www.brandonchecketts.com/archives/category/data-recovery
Amazon API Signing.com. CentOS Mail Toaster Howto. Docker Syslog Container for Sending Logs to CloudWatch. Deis add Key from an ssh-agent. Unattended install of Cloudwatch Logs Agent. DKIM / SPF / SpamAssassin test moved to dkimvalidator.com. Getting Ubuntu 14.04 php5enmod to understand module priority. Proposed Pattern for Deploying EC2 instances with Secure Credentials. Troubleshooting /etc/cron.d/ on Ubuntu. Fix for MongoDB not reliably starting/stopping on Ubuntu.
forensicmethods.com
Mimikatz Kerberos Golden Ticket | Forensic Methods
http://forensicmethods.com/mimikatz-kerberos-golden-ticket
Mimikatz Kerberos Golden Ticket. June 30, 2014. It has been an interesting year for attacks against the Windows credential model. If you aren’t familiar with the Mimikatz “Golden Ticket” attack, it represents some of the best justification for guarding your domain administrator credentials with your life (if you really needed additional justification). CERT EU published an excellent whitepaper on strategies for mitigating this attack.
forensicmethods.com
ESE Databases are Dirty! | Forensic Methods
http://forensicmethods.com/ese-recovery
ESE Databases are Dirty! June 15, 2015. The Path to the WebCache. Figure 1: Intermediary Stages of Writing to the WebCacheV*.dat Database. Figure 2: Modification Times of ESE Log Files and Database. Mining the Log Files. esentutl /mh WebCacheV01.dat. Figure 3: WebCacheV01.dat Header Information. esentutl /r V01 /d. Figure 4: Successful ESE Database Recovery. Database log files may contain both inserts and deletes! While I demonstrated recovery of an Intern...
forensicmethods.com
Forensic Methods | Author Archives
http://forensicmethods.com/author/chadtilbury
Archives for Chad Tilbury. Blue Team: Reconnaissance Detection. May 11, 2016. Note: This article originally appeared on the CrowdStrike blog. Look here. Self-Recon is the Best Recon. Investigating PowerShell: Command and Script Logging. March 8, 2016. Hunting Command Line Activity. I am pleased to report that there have been some significant upgrades to command line logging since that webcast. Starting with Server 2012R2, Microsoft...
forensicmethods.com
OUCH! Securing Your New Tablet | Forensic Methods
http://forensicmethods.com/ouch-tablet
Securing Your New Tablet. December 5, 2013. The December 2013 issue of OUCH! is out, and I am pleased to be this month’s guest editor. The SANS Securing the Human team is impressive, and it is always a pleasure to work with professionals with such diverse security backgrounds. If you aren’t familiar with OUCH!, it is a free Creative Commons resource intended to supplement user awareness training.
forensicmethods.com
Hunting PowerShell Command Lines | Forensic Methods
http://forensicmethods.com/hunting-powershell-command-lines
Hunting PowerShell Command Lines. July 19, 2014. My recent webcast with Jaron Bradley was recorded and a link is available below. If you have been looking for an excuse to get more familiar with Windows PowerShell, have a look. Hunting Command Line Activity. Comment, July 19, 2014 at 10:16 pm: Hope you are fine! Nice job with CLI analysis. Thanks. Regards, Luis Dias.
rlworkman.net
Robby's Links Page
http://www.rlworkman.net/links
Robby's Links to Various Places. Links of General Interest for Slackers. This is the official Slackware book; required reading for all new Slackware users (and a good refresher for the more experienced among us) :). The Slackware Wiki (unofficial). This is a good source of documentation, tutorials, and other related information about Slackware. This is an unofficial but very good book written primarily by Daniel de Kok. Usenet group for Slackware; be sure to read the FAQ. The official regi...
linuxsleuthing.blogspot.com
Linux Sleuthing: Getting Attached: Apple Messaging Attachments
http://linuxsleuthing.blogspot.com/2015/01/getting-attached-apple-messaging.html
Adventures in Linux-based data forensics. Wednesday, January 7, 2015. Getting Attached: Apple Messaging Attachments. The chats.db is found in the user's directory. Location of chats.db: Library/Messages/ Library/Messages/Attachments Library/Messages/chat.db Library/Messages/chat.db-shm Library/Messages/chat.db-wal. As you can see, message attachments are located in the Attachments sub-folder. But how are they referenced in the chats.db, and how are they matched to the correct message? Style INTEGER, ... Was ded...
linuxsleuthing.blogspot.com
Linux Sleuthing: Calculating Embedded OS X Times
http://linuxsleuthing.blogspot.com/2011/02/calculating-embedded-os-x-times.html
Adventures in Linux-based data forensics. Monday, February 21, 2011. Calculating Embedded OS X Times. I recently examined a Macintosh computer where I needed to look at Internet History. The only installed browser was Safari, and the history was stored in /Users/. Library/Safari/History.plist, an XML file with visit dates recorded in epoch format. An example of that time is "314335349.7". Mon Feb 21 08:53:57 PST 2011. date -d "2001-01-01 314335349.7 sec PST". Sat Dec 18 03:22:29 PST 2010. EDIT: When p...