Collaborate Disseminate
Velociraptor is a great DFIR tool that becomes more and more popular amongst Incident Handlers. Velociraptor works with agents that are deployed on endpoints. Once installed, the agent automatically “phones home” and keep s a connection with the server… exactly like a malware with it’s C2 server but this time
The post Velociraptor & Loki appeared first on /dev/random.
I am willing to give my iPad for a repair shop, but I would like to know whether they tamper with the OS in any way.
Is there any way with or without special software to gather forensic evidence about whether the lightning port was used t… Continue reading Does my jailbroken with root access iPad store any forensic evidence for usage of the lightning connector?
Does it affect data recovery, etc.?
Continue reading Is not turning off your computer "forensically" safe?
everyone!
I have discovered suspicious activity on one of Mikrotik Routers. This device had an outdated version of RouterOS with open ports web, winbox, etc. I believe that it was infected by malware, and there is a need to analyze the con… Continue reading Any approach to copy the disk and take RAM shapshot of RouterOS (Mikrotik)?
It would be great if forensics teams could easily lift fingerprints off of bullet casings left at crime scenes, but unfortunately doing so is often quite difficult. A new technique developed at the University of Nottingham could change that.Continue Re… Continue reading New technique excels at lifting fingerprints from shell casings
If one uses a storage device (USB stick or SD card) on Windows, then it leaves "System Volume Information" folder in the file system. Would there be a way so a forensic guy could definitely tell on which computer the storage devi… Continue reading Could "System Volume Information" be used to find out on which system the storage was used?
If one formats the same USB stick (or SD card) to FAT32 file system on Windows, or on Linux, or on Android – would there be differences so a forensic guy could definitely tell on which OS or even on which specific machine the USB stick was… Continue reading Are there differences on how storages are formatted between different OS?
If one uses a micro SD card with a card reader on Windows, or on Linux, or on Android – would there be a way so a forensic guy could definitely tell on which computer the flash card was used by examining it?
I know OS can log which devices… Continue reading Which traces leave on a flash card after using it?
If one uses a micro SD card with a card reader on Windows, or on Linux, or on Android, would there be a way to forensically determine on which computer the card reader was used?
I know OS can log which USB devices was connected. As far as … Continue reading What traces are left on a flash card reader after using it?
If one uses a FAT32-formatted USB stick on Windows, Linux, or Android, would there be a way to determine on which computer the USB stick was used by examining the USB stick?
I know OS can log which USB sticks were connected. As far as I kn… Continue reading What traces are left on a USB stick after using it?