Testing software, researching forensic analysis, teaching forensics, and learning how to use forensic tools all require one common thing: test images.
There are so many forensic test images scattered across the Internet that finding something that you need takes time. So… I have curated into categories all that I have found and add new sources as I find them or am informed of them.
Amped FIVE features a powerful tool, called Color Deconvolution, which creates a color space tailored to our needs: a color space where the difference between the undesired color and the color of interest is better expressed.
Digital Evidence Investigator PRO enables front line field investigators to quickly create a forensic backup of an iOS device on-scene or back in the lab. In this short video, ADF Digital Forensic Specialist, Rich Frawley, will show you how to easily backup an iOS device with DEI PRO.
A recent court filing indicates that Facebook knew about the bug in its View As feature that led to the 2018 data breach – a breach that would turn out to affect nearly 29 million accounts – and that it protected its employees from repercussions of that bug, but that it didn’t bother to warn users.
Supermarket chain Hy-Vee has published a warning to customers this week after staff discovered a security breach on some of its point-of-sale (PoS) systems.
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the benefit of the lessons more quickly than spending months of being bombarded with ‘training’ every day. Recruits have no clue of the value of most lessons that they experience on a daily basis until years after graduating boot camp. You can probably get it the first day at this stage of working in DFIR, because you know the problems that need to be solved already. You just need a gentle push to the solutions.
How do you know if you improved your skill and knowledge base over the past years, or even over the past week? Did you even improve anything from yesterday? And if you did, how do you know? Are you better working the DFIR today than yesterday? There is something you can do to check.
We are our own worst enemy in many facets of life. We are the most critical of ourselves compared to anyone, even compared against the most overprotective parents or the strictest music teacher you’ve ever had or seen. We are tough on ourselves. Let’s take that toughness and use it for a benefit!
To see how much you have grown and developed in DFIR skills, block out a day to c
A coordinated ransomware attack has affected at least 20 local government entities in Texas, the Texas Department of Information Resources said. It would not release information about which local governments have been affected.
Before we start our expedition into this muddled place, let's get the terminology right. "Malware name" might refer to one of the following:
"Without digital forensics, it would be hard to get a conclusion in a lot of cases," said Walsh, who noted the very nature of modern communications makes the work of the FBI more challenging. "Suspects aren't talking on the phone anymore and our technical techniques are not working as well because so much more is encrypted. I pull in the NJRCFL very early in my investigative strategy."
I am able to shed a little more light on this attribute of the files resident in the MFT. Along the way, in the search for the information I needed, I went to the Harlan Carvey Blog (http://windowsir.blogspot.com), which has mentioned this feature several times, in several of his articles. Specifically, one of those articles by Harlan, published on November 13, 2013, led me to another article, written by Hal Pomeranz, under the title of "Resident $DATA Residue in NTFS MFT Entries". And this has been my starting point.
In diary entry "Malicious .DAA Attachments", we extracted a malicious executable from a Direct Access Archive file.
A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week.