Last week I got invited to take part in Forensic Lunch to talk about Foreman, my open-source case management project! https://www.youtube.com/embed/o7uSp8XVGLQ
Category: forensics
4th International Conference on Cyber Security & Education
On Friday I went to the 4th International Conference on Cyber Security and Education, held at the Scottish Police College in Tulliallan Castle. There were loads of really interesting talks and I think the only letdown was the lack of abstracts/summaries of each talk; so often I was blindly going into a talk in one …
Microsoft Edge Forensics
With Windows 10 comes Microsoft Edge, the replacement for the much-scorned Internet Explorer. Many articles are saying that Edge is better, faster and safer, and compares to the likes of Google Chrome. But how does it store the user's web history? In the good old days IE stored everything in index.dat files. Chrome & Firefox moved away from …
Malware Steganography
6 years ago (yikes!) I wrote about image steganography as a concept. At the moment there are a couple of pieces of malware that use steganography, such as Vawtrak (aka Neverquest) and ZeuS, to hide the command and control (C&C) servers or configuration files in images. This means that the malware does not need to contain a …
Foreman case management framework
The graphic above shows the data flow for a forensics case*. I amalgamated and simplified the processes of the two forensics teams I've worked in, to come up with what I believe is the basic flow of a case for any forensics team. Foreman is a framework to support this process flow. It does not …
Introducing Foreman
In my second-to-last post I alluded to a talk I did at the CyberForensics conference. You can access the presentation here. TLDR: In today's market there is a plethora of digital forensics software available for investigators, from small scripts that do a single task to full-featured toolkits that can aid an investigation from …
CyberForensics Conference 2014 – Day 2
Day 2 was just as good as day one; here are the highlights: Ethan Bayne presented on how to use GPUs to speed up carving and searching for files in a forensic image. Amazingly this has not been done yet, and the results he presented were spectacular, as you can imagine! Essentially it's just parallelising a …
QR codes for evidence tracking
QR codes seem to be popping up everywhere now, from adverts & marketing campaigns to tracking and tickets. It's easy to see why: they are easy to generate, have a high level of error correction and the ability to encode quite a lot of data (the maximum being 4,296 alphanumeric characters). Since most modern smartphones have …
Self deleting malware
Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once it is running in memory, the executable on disk vanishes. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing there. We can however use other artefacts to confirm …