journeyintoir.blogspot.com
Journey Into Incident Response: Prefetch File Meet Process Hollowing
http://journeyintoir.blogspot.com/2014/12/prefetch-file-meet-process-hollowing_17.html
Journey Into Incident Response. Journey into IR Methodology. Prefetch File Meet Process Hollowing. Wednesday, December 17, 2014. Posted by Corey Harrell. Specifically, how creating a suspended process and injecting code into it impacts the process's prefetch file. The statement below is the short version describing the impact injecting code into a suspended process has on its prefetch file. For those wanting the details behind it the rest of the post explains it. Key to process replacement is creating a ...
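The post's short version of the impact is cut off in this snippet. What follows is an added example, not code from the Journey Into IR post: a minimal parser for uncompressed Windows Prefetch files that pulls out the fields an analyst compares when a process may have been hollowed: the executable name and hash from the header, the run count, the last run time and the list of files the process touched. The field offsets are the documented prefetch layout (versions 17, 23, 26 and 30; version-dependent offsets are in the two tables); the sample .pf bytes are constructed by build_sample_v23() and are not from a real system.

```python
"""Minimal parser for uncompressed Windows Prefetch (.pf) files.

Added example; not code from the Journey Into IR post. It pulls out the fields
an analyst compares when a process may have been hollowed: the executable name
and hash from the header, the run count, the last run time and the list of files
the process touched (the filename strings section). The sample .pf bytes are
constructed here with build_sample_v23(), not taken from a real system.
"""
import struct
from datetime import datetime, timedelta, timezone

PF_SIGNATURE = b"SCCA"      # at offset 4 of every uncompressed .pf (versions 17, 23, 26, 30)
MAM_SIGNATURE = b"MAM\x04"  # Windows 10+ stores .pf files LZXPRESS-Huffman compressed

# Offsets of the run count and last-run FILETIME are version dependent.
RUN_COUNT_OFFSET = {17: 0x90, 23: 0x98, 26: 0xD0, 30: 0xD0}
LAST_RUN_OFFSET = {17: 0x78, 23: 0x80, 26: 0x80, 30: 0x80}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME (100 ns ticks since 1601-01-01 UTC) to an aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Inverse of filetime_to_datetime, computed in integers to avoid float rounding."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def parse_prefetch(data: bytes) -> dict:
    if data[:4] == MAM_SIGNATURE:
        raise ValueError("compressed (MAM) prefetch file: decompress it first")
    if data[4:8] != PF_SIGNATURE:
        raise ValueError("missing SCCA signature: not a prefetch file")
    version = struct.unpack_from("<I", data, 0x00)[0]
    if version not in RUN_COUNT_OFFSET:
        raise ValueError(f"unsupported prefetch version {version}")

    # 60 bytes of NUL-terminated UTF-16LE executable name at 0x10, prefetch hash at 0x4C.
    exe_name = data[0x10:0x10 + 60].decode("utf-16-le").split("\x00", 1)[0]
    pf_hash = struct.unpack_from("<I", data, 0x4C)[0]

    # Filename strings section (offset/length at 0x64/0x68): NUL-separated UTF-16LE paths.
    strings_off, strings_len = struct.unpack_from("<II", data, 0x64)
    raw = data[strings_off:strings_off + strings_len].decode("utf-16-le")
    files = [s for s in raw.split("\x00") if s]

    last_run = struct.unpack_from("<Q", data, LAST_RUN_OFFSET[version])[0]
    run_count = struct.unpack_from("<I", data, RUN_COUNT_OFFSET[version])[0]
    return {
        "version": version,
        "exe_name": exe_name,
        "pf_name": f"{exe_name}-{pf_hash:08X}.pf",   # how the file is named on disk
        "run_count": run_count,
        "last_run": filetime_to_datetime(last_run),
        "files": files,
    }


def build_sample_v23(exe_name: str, files: list, run_count: int,
                     last_run: datetime, pf_hash: int) -> bytes:
    """Construct a minimal version-23 (Vista/7) prefetch file for demonstration."""
    header_len = 0xF0                      # v23 header plus file-information block
    strings = "".join(f + "\x00" for f in files).encode("utf-16-le")
    buf = bytearray(header_len + len(strings))
    struct.pack_into("<I4sII", buf, 0x00, 23, PF_SIGNATURE, 0x11, len(buf))
    name = exe_name.encode("utf-16-le")
    buf[0x10:0x10 + len(name)] = name
    struct.pack_into("<I", buf, 0x4C, pf_hash)
    struct.pack_into("<II", buf, 0x64, header_len, len(strings))
    struct.pack_into("<Q", buf, 0x80, datetime_to_filetime(last_run))
    struct.pack_into("<I", buf, 0x98, run_count)
    buf[header_len:] = strings
    return bytes(buf)


# Constructed sample: a svchost.exe prefetch file with a short file list.
SAMPLE_FILES = [
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\SVCHOST.EXE",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL",
]
SAMPLE_LAST_RUN = datetime(2014, 12, 17, 9, 30, tzinfo=timezone.utc)
SAMPLE_PF = build_sample_v23("SVCHOST.EXE", SAMPLE_FILES, 3, SAMPLE_LAST_RUN, 0x1A2B3C4D)

if __name__ == "__main__":
    info = parse_prefetch(SAMPLE_PF)
    print(info["pf_name"], "run count", info["run_count"], "last run", info["last_run"])
    for path in info["files"]:
        print("  ", path)
```

The file list is the part worth staring at in a hollowing case: the prefetch file is named after, and carries the name of, the executable the process was created from, while the file list records what actually ran inside it. Windows 10 and later write these files compressed (the MAM signature the parser rejects), so decompress them with a tool that handles LZXPRESS Huffman before feeding them in.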
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: June 2014
http://cheeky4n6monkey.blogspot.com/2014_06_01_archive.html
The (Badly) Illustrated Musings of a Cheeky Forensics Monkey. Friday, 13 June 2014. Monkeying around with Windows Phone 8.0. Ah, the wonders of Windows Phone 8.0. Failing eyesight, frustration and squirrel chasing. Updated last section with deleted record observations from a Nokia Lumia 530 device running Windows Phone 8.10. Special thanks to Detective Cindy Murphy, Lieutenant Jennifer Krueger Favour and the Madison Police Department ("Forensicate Like A Champion!"). Thanks to Maggie Gaffney. Later, we ...
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: Using SIFT to Crack a Windows (XP) Password from a Forensic Image
http://cheeky4n6monkey.blogspot.com/2011/12/using-sift-to-crack-windows-xp-password_27.html
The (Badly) Illustrated Musings of a Cheeky Forensics Monkey. Tuesday, 27 December 2011. Using SIFT to Crack a Windows (XP) Password from a Forensic Image. In the previous post, we focused on retrieving Windows login passwords from a memory dump using Volatility. But what happens if you don't have a memory dump / only have a forensic image of the hard drive? Well, Rob Lee has kindly provided the tools in the SANS SIFT (v2.12) workstation and Irongeek ... and crack them using John The Ripper. 2 Type "samdum...
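The procedure the post walks through (samdump2 over the SYSTEM and SAM hives from the mounted image, then John The Ripper over the resulting hashes) reduces to one hash function and a dictionary loop. The block below is an added example, not the post's own steps: it implements MD4 from RFC 1320 (hashlib's md4 is disabled in many OpenSSL 3 builds), computes NT hashes from it, parses the pwdump-style lines samdump2 prints and runs a wordlist against them. The pwdump lines and wordlist are constructed; the well-known NT hashes of "password" and of the empty password are used as the sample values.

```python
"""samdump2 + John in miniature, as an added example (not from the post).

samdump2, given the SYSTEM and SAM hives copied out of the mounted image, prints
pwdump lines of the form  user:RID:LM-hash:NT-hash:::  . John's --format=nt then
MD4-hashes each candidate password's UTF-16LE encoding and compares it with the
NT-hash field. MD4 is implemented here from RFC 1320 because many OpenSSL 3 builds
disable hashlib's md4. The pwdump lines and the wordlist are constructed.
"""
import struct

MASK32 = 0xFFFFFFFF
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM field when no LM hash is stored


def _rotl(x: int, n: int) -> int:
    x &= MASK32
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 digest of data."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg.append(0)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (  # (boolean function, additive constant, word order, shift amounts)
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         list(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack_from("<16I", msg, off)
        s = [a, b, c, d]
        for func, k, order, shifts in rounds:
            for i, w in enumerate(order):
                t = (4 - i % 4) % 4  # state word updated this step cycles a, d, c, b
                v = s[t] + func(s[(t + 1) % 4], s[(t + 2) % 4], s[(t + 3) % 4]) + x[w] + k
                s[t] = _rotl(v, shifts[i % 4])
        a, b, c, d = ((a + s[0]) & MASK32, (b + s[1]) & MASK32,
                      (c + s[2]) & MASK32, (d + s[3]) & MASK32)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash as stored in the SAM: MD4 over the UTF-16LE password, hex encoded."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pwdump(lines) -> list:
    """Parse samdump2/pwdump lines; lm_present flags accounts that still have an LM hash."""
    entries = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        lm, nt = parts[2].lower(), parts[3].lower()
        entries.append({"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt,
                        "lm_present": lm != EMPTY_LM})
    return entries


def crack_nt(entries, wordlist) -> dict:
    """Dictionary attack on the NT hashes; each candidate is hashed once for all accounts."""
    by_hash = {}
    for e in entries:
        by_hash.setdefault(e["nt"], []).append(e["user"])
    found = {}
    for word in wordlist:
        for user in by_hash.get(nt_hash(word), []):
            found[user] = word
    return found


# Constructed samdump2 output: Administrator has no LM hash stored, bob still has one
# (the XP default), Guest has a blank password, alice's password is not in the wordlist.
SAMPLE_PWDUMP = [
    "Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::",
    "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "bob:1001:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::",
    "alice:1002:aad3b435b51404eeaad3b435b51404ee:32ed87bdb5fdc5e9cba88547376818d4:::",
]
SAMPLE_WORDLIST = ["letmein", "password", "qwerty", ""]

if __name__ == "__main__":
    entries = parse_pwdump(SAMPLE_PWDUMP)
    for user, word in crack_nt(entries, SAMPLE_WORDLIST).items():
        print(f"{user}: {word!r}")
```

Two things the lm_present flag is there to remind you of on an XP image: the LM hash is case-insensitive and split into two 7-character DES halves, so when it is present John's --format=lm recovers it far faster than the NT hash, and the recovered uppercase string then only needs its case permutations tried against the NT hash. The blank-password hit for Guest shows why an empty candidate belongs in every wordlist.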
cheeky4n6monkey.blogspot.com
Cheeky4n6Monkey - Learning About Digital Forensics: Detecting Spoofed Emails with SIFT's pffexport and some Perl scripting
http://cheeky4n6monkey.blogspot.com/2012/03/detecting-spoofed-emails-with-sifts.html
The (Badly) Illustrated Musings of a Cheeky Forensics Monkey. Thursday, 8 March 2012. Detecting Spoofed Emails with SIFT's pffexport and some Perl scripting. One likely issue facing today's forensicator is the sheer number of emails people keep in their Inboxes. These numbers can grow at a phenomenal rate, especially if the user subscribes to multiple mailing lists. Unsure if it was SANS ... recently suggested using pffexport for one of my previous posts dealing with email analysis. Like readpst, under "us...
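Once pffexport has written each message out of the PST, the spoofing test is a header-consistency check that can be scripted in any language. The block below is an added example in Python, not the post's Perl script: it compares the From: domain with the envelope sender in Return-Path: and with the host that handed the message to the receiving mail server, which is the topmost Received: line because that line was written by the recipient's own MTA and not by the sender. The two messages are constructed (example.com, corp.test and bulk-sender.invalid are placeholder domains), and the Received: parsing prefers the name the receiving MTA recorded in parentheses over the HELO name the client announced.

```python
"""Header-consistency check for spoofed mail, as an added example.

This is not the Cheeky4n6Monkey Perl script; it shows in Python the kind of test
that script runs over messages once pffexport has written them out of the PST.
The tell it looks for: the domain in From: disagrees with the envelope sender
(Return-Path:) or with the host that handed the message to your own mail server,
which is the topmost Received: line because that line was written by your MTA.
The two messages below are constructed; domains use example.com, .test and .invalid.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# "from <helo-name> (<verified-name> [ip])": prefer the name inside the parentheses,
# which the receiving MTA filled in, over the HELO name the client announced.
RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)(?:\s+\(([^\s()\[\]]+)[^)]*\))?", re.IGNORECASE)


def domain_of(header_value: str) -> str:
    """Lower-cased domain part of the address in a From:/Return-Path: header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def received_hosts(msg) -> list:
    """Host each Received: line says the message came from, latest hop first."""
    hosts = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_FROM.match(re.sub(r"\s+", " ", value))
        if m:
            hosts.append((m.group(2) or m.group(1)).lower().rstrip("."))
    return hosts


def in_domain(host: str, domain: str) -> bool:
    return bool(domain) and (host == domain or host.endswith("." + domain))


def spoof_indicators(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_path = domain_of(msg.get("Return-Path"))
    hosts = received_hosts(msg)
    findings = []
    if return_path and return_path != from_domain:
        findings.append(f"Return-Path domain {return_path} does not match From domain {from_domain}")
    if hosts and not in_domain(hosts[0], from_domain):
        findings.append(f"delivering host {hosts[0]} is not in From domain {from_domain}")
    return {"from_domain": from_domain, "return_path_domain": return_path,
            "hosts": hosts, "findings": findings}


# Constructed messages. The first is consistent; the second claims to be from
# example.com but was handed over by, and bounces to, an unrelated bulk sender.
LEGIT_MESSAGE = """\
Return-Path: <alice@example.com>
Received: from mail.example.com (mail.example.com [203.0.113.5])
\tby mx.corp.test with ESMTP id 4FA1; Thu, 8 Mar 2012 09:00:00 +0000
From: Alice <alice@example.com>
To: bob@corp.test
Subject: Quarterly numbers

Bob, figures attached.
"""

SPOOFED_MESSAGE = """\
Return-Path: <bounce-1234@bulk-sender.invalid>
Received: from smtp7.bulk-sender.invalid (smtp7.bulk-sender.invalid [198.51.100.9])
\tby mx.corp.test with ESMTP id 4FB2; Thu, 8 Mar 2012 09:05:00 +0000
From: "CEO" <ceo@example.com>
To: bob@corp.test
Subject: Urgent wire transfer

Bob, please wire the funds today.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(name, spoof_indicators(raw)["findings"] or ["no indicators"])
```

Both checks produce legitimate mismatches for mail relayed by a third party, and mailing lists (which the post mentions as the reason Inboxes grow) are the usual case: a list rewrites Return-Path to its own bounce address and delivers from its own servers. Treat the findings as a triage queue, not a verdict, and confirm with the Authentication-Results (SPF/DKIM) header where the receiving server records one.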
geoffblack.com
April | 2011 | Geoff Black's Forensic Gremlins
http://www.geoffblack.com/2011/04
Geoff Black's Forensic Gremlins. Everything that gives you fits in Digital Forensics and E-Discovery. Monthly Archives: April 2011. April 16, 2011. EnCase 7 Sneak Peek (NYC). I know a couple of posts have already been written about the EnCase 7 Sneak Peek, as well as a podcast from Forensic 4Cast. EnCase 7 is the first major release of Guidance Software’s flagship forensics product in four and a half years (depending on the actual release date) and there are lots of changes, so let’s dive in! Old and busted (v6):
geoffblack.com
Presentations | Geoff Black's Forensic Gremlins
http://www.geoffblack.com/presentations
Geoff Black's Forensic Gremlins. Everything that gives you fits in Digital Forensics and E-Discovery. Defensible Quality Control for E-Discovery. Random sampling, EnCase eDiscovery Workflows, Review Platform sampling. Statistical Analysis and Data Sampling. May 21, 2012. Statistical Analysis and Data Sampling for eDiscovery for the CEIC 2012 eDiscovery Track in Las Vegas. All notes and commentary are included. The latest version is available on the Lightbox Technologies blog at the link above.
geoffblack.com
Sorting in EnScript – Sorting Arrays and NameListClass / NameValueClass | Geoff Black's Forensic Gremlins
http://www.geoffblack.com/2012/09/04/sorting-in-enscript-sorting-arrays-and-namelistclass-namevalueclass
Geoff Black's Forensic Gremlins. Everything that gives you fits in Digital Forensics and E-Discovery. Sorting in EnScript – Sorting Arrays and NameListClass / NameValueClass. September 4, 2012. Every language has its own quirks when it comes to sorting data. In this post, I’ll take an introductory look at some of the most basic methods available for sorting data in EnScript. First, we need a list of some type of data that we want to sort. Our first example is going to use the ... Array type by using the ...
geoffblack.com
February | 2011 | Geoff Black's Forensic Gremlins
http://www.geoffblack.com/2011/02
Geoff Black's Forensic Gremlins. Everything that gives you fits in Digital Forensics and E-Discovery. Monthly Archives: February 2011. February 21, 2011. Corporate E-Discovery Forum on Social Media. A few weeks ago I had a unique opportunity to attend the Corporate E-Discovery Forum’s ... The forum had four main sessions during the day: Social Media and Reducing Risk. Practical Guide for Corporations to the Identification, Collection and Production of Social Media. Social Media Dialog with Judges. And will...
geoffblack.com
Association of Certified E-Discovery Specialists (ACEDS) Conference 2012 | Geoff Black's Forensic Gremlins
http://www.geoffblack.com/2012/02/09/association-of-certified-e-discovery-specialists-aceds-conference-2012
Geoff Black's Forensic Gremlins. Everything that gives you fits in Digital Forensics and E-Discovery. Association of Certified E-Discovery Specialists (ACEDS) Conference 2012. February 9, 2012. The Association of Certified E-Discovery Specialists (ACEDS) ... For other sources: Gabe Acevedo with Above The Law has a great analysis written just after last year’s ACEDS Conference. Dennis Kiker with LeClairRyan also wrote a well-reasoned article. I can say from my own experience hiring forensic and eDiscovery p...
journeyintoir.blogspot.com
Journey Into Incident Response: SIEM – One Year Later
http://journeyintoir.blogspot.com/2015/07/siem-one-year-later.html
Journey Into Incident Response. Journey into IR Methodology. SIEM – One Year Later. Sunday, July 26, 2015. Posted by Corey Harrell. We are overwhelmed with data and are not sure what to look at or collect? Start with Why It Is Needed. Exploring this question brought me to various information security resources. It even led me to obtaining my Masters of Science in Information Assurance. In time I came to the following conclusion: 2 Most information security decisions I witnessed in my entire career were...