LNK Files in CTI

There’s a good bit of file analysis that goes into CTI reports, including (but not limited to) malware analysis. But for some reason, not all files appear to be worthy of parsing and analysis. We also tend to see in-depth descriptions of the value of L… Continue reading LNK Files in CTI

Posted in Uncategorized

Consistency

I’ve worked a lot of places over the years, all for varying lengths of time. While this worked against me in the early days, with potential employers wondering why I didn’t stay longer at my previous employer, and wondering how long I’d potentially sta… Continue reading Consistency

Posted in Uncategorized

Timelines

I like timelines, particularly when it comes to forensic investigations. There I said it. The first step to addressing an issue is admitting that you have a problem.I’ve been creating timelines since about 2008-ish, or so. I have a series of blog … Continue reading Timelines

Posted in Uncategorized

LNK Files

I know what you’re thinking…”LNK files? Again? Dude, you are like a dog with a bone!”Yes. Yes, I am. But in this case, I’ll keep it short. I’ve posted a lot…a LOT…about LNK files, and there’s very likely more to come in the future.Wietze recently… Continue reading LNK Files

Posted in Uncategorized

Links

I’ve been saving some things up in this draft blog post, adding new things, removing some older stuff that, after a few days, didn’t quite hit the same as when I first read them. Most who know me know that I’m not so much about just dropping a link, as… Continue reading Links

Posted in Uncategorized

Devices

Something I learned very early on as a DF/IR consultant was that you’re likely never going to run into a perfect environment as an on-call responder. In fact, the best you can hope for is an environment with the default logging, for the OS and app… Continue reading Devices

Posted in Uncategorized