Introducing Foreman
In my second-to-last post I alluded to a talk I did at the CyberForensics conference. You can access the presentation here. TLDR: In today’s market there is a plethora of digital forensics software available for investigators, from small scripts that do a single task to full-featured toolkits that can aid an investigation from …
CyberForensics Conference 2014 – Day 2
Day 2 was just as good as day one; here are the highlights: Ethan Bayne presented on how to use GPUs to speed up carving and searching for files in a forensic image. Amazingly this has not been done yet, and the results he presented were spectacular as you can imagine! Essentially it's just parallelising a …
The risks of QR codes
In my last blog post I talked about the merits of QR codes and their use in forensics. I’m going to talk about the risks of QR codes now; as with everything, there are always issues with new technology. There are three main risks with QR codes: The QR code may point to a malicious …
QR codes for evidence tracking
QR codes seem to be popping up everywhere now, from adverts & marketing campaigns to tracking and tickets. It’s easy to see why; they are easy to generate, have a high level of error-correction and the ability to encode quite a lot of data (the maximum being 4,296 alpha-numeric characters). Since most modern smartphones have …
Self deleting malware
Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once launched in memory, the executable vanishes. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing there. We can however use other artefacts to confirm …
Homemade Christmas Cards
On 26th October I went to the Hobby Crafts fair in Glasgow at the SECC. At first I was sorely disappointed as I went into the first auditorium and it was stalls and stalls of handmade crafts such as jewellery, bags and gift items. Just as I was about to leave in a huff I …
Mini Forensics Challenge Answers: File headers & Footers
Thanks to everyone who emailed in to say they had completed, or had questions about, the mini forensics challenge. I’m glad that someone out there reads this blog 😉 Here are the answers below. I used Hex Editor Neo in the screenshots. Challenge 1: Using a hex editor, repair this zip file which has had its header …
Malware Analysis Training
As I begin to do more and more forensic malware analyses, it’s always good to know what kind of training opportunities are available. Here is a list of professional courses (for the UK) along with some free online courses. Please let me know in the comments section if you know of any more. I know …
Alternate Data Streams
Lots of apologies that I haven’t been blogging lately. I have recently got married, and as you can imagine that has taken up a lot of my time! I’m currently doing a course called the Certified Malware Investigator run by 7Safe, and one of the practical exercises in today’s session was on Alternate Data Streams (ADSs). I’ve …