From a forensics standpoint how much leftovers do package managers in Linux leave behind?

Let’s assume that for my question we’re using the equivalent of apt purge, which also removes configuration files. What’s left behind after apt purge and similar commands from other package managers?
I’m guessing it would be loose dependen…

How might I rate-limit in nginx against a distributed attacker that has set the number of parallel connections in xerxes to 1?

An attacker tweaks xerxes by setting the number of CONNECTIONS in xerxes to 1 instead of 8, like so:
#define CONNECTIONS 1

They then attack with xerxes-executable mydomain 433.
Their strategy is to use eight times fewer connections from eac…

Velociraptor & Loki

Velociraptor is a great DFIR tool that is becoming more and more popular amongst incident handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keeps a connection with the server… exactly like malware with its C2 server, but this time

The post Velociraptor & Loki appeared first on /dev/random.


Does my jailbroken iPad with root access store any forensic evidence of usage of the lightning connector?

I am willing to give my iPad to a repair shop, but I would like to know whether they tamper with the OS in any way.

Is there any way, with or without special software, to gather forensic evidence about whether the lightning port was used t…