Pragmatic Forensics
Forensic analysis of digital evidence and cyber crime investigation
Curated by yk
Rescooped by yk from opexxx

HoneyProxy - HTTP(S) Traffic Investigation

HoneyProxy is a lightweight SSL-capable proxy that helps you analyze HTTP traffic.

Via alexander knorr
yk's insight:

Oh Jesus, thank God.

Scooped by yk

Extracting processes binary w/ volatility, disk image.

When I analyze an incident, I am usually looking for the evidence in memory, something like connections or injected processes.
But eventually, I need to copy a normal file such as the binary of a process (executable, ...
Scooped by yk

Crime Scene Investigation at a Glance | Forensic Magazine

This graphic provides a quick review of crime scene basics at a glance.

+ We also need something like this for the digital crime scene.

Scooped by yk

Seeing Behind the Camera

Imagine sitting in a room with a single open window. Across from this window is a white wall. Why isn’t an image of the outside world projected onto the wall?
Scooped by yk

Tracking malware-crumb in memory


Another Volatility experience

This is a post about my experience in memory analysis using Volatility on a compromised Windows server.
In the field, I preserved the memory and disk image, but I'll handle just the analysis of...

Scooped by yk

UFO Forensic Analysis, Photos, Korea 2012 | Veterans Today ...

Thus, we had the forensic labs of the SACIA (South Africa Counter Intelligence Agency), the world's top authority on certification of photographic data, diamond, mineral and currency authenticity, a somewhat controversial ...
Scooped by yk

Big Brother Forensics: Device Tracking Using Browser-Based Artifacts (Part 1)


"One of the more revolutionary forensic artifacts to emerge in recent years is geo-location data. Geo-location gives us an accurate means to identify the physical location of an item on Earth. It is now possible to determine where in the world a laptop or mobile phone has been, solely using host-based forensics. In a world of increasingly mobile devices, geo-artifacts can provide a crucial extra dimension to our investigations. With it, we now have the potential to answer who, what, when, why, and where." 

Scooped by yk

Is Anti-Virus Really Dead? A Real-World Simulation Created for Forensic Data Yields Surprising Results


"If anyone needs just a little proof that you are using A/V products to mainly defend against low-skilled attackers, then there it is. I asked that the attack team use skills learned in most Penetration Testing courses. They didn't use anything really advanced, which is one of the reasons many argue that even the "Advanced Persistence Threat" isn't really that advanced. We even made many mistakes during the attack. Even then... nothing was found and nothing was automatically blocked. If this were a real compromise, we could have been on this network for months or years prior to anyone finding us. Just like in the real world."

Scooped by yk

Microsoft leads strike on Zeus botnets - The H Security: News and Features

Working closely with US authorities, Microsoft has succeeded in disrupting two Zeus botnets.
Scooped by yk

Intelligence vs APT

I used to respond to cybercrime. Sometimes I failed in the mission, even though I worked very hard. Nowadays, cybercrime has become very complex, perplexing and sophisticated. As you know, ...
Scooped by yk

Exploit Monday: Powershell Live-Memory Analysis Tools: Dump-Memory, Dump-Strings, Check-MemoryProtection

Scooped by yk

Introduction of SQLite3 file carver & reporter

When I investigated a DDoS attack case, I needed to find where the commands came from, as well as the attacker. Therefore I was obsessed with SMS records. During...
Rescooped by yk from High Tech Use by Law Enforcement

Albuquerque, other cities adopting high tech intelligence gathering systems to fight crime

ALBUQUERQUE, N.M.- It's early evening and officer Damian Lujan is patrolling alone in Albuquerque's International District - a high crime area also known as the "war zone."...

Via Christa Miller
Scooped by yk

2012-02-15 CERIAS - Forensic Carving of Network Packets with bulk_extractor and tcpflow

Recorded: 02/15/2012 CERIAS Security Seminar at Purdue University Forensic Carving of Network Packets with bulk_extractor and tcpflow Simson Garfinkel, Naval...
Scooped by yk

SANS Digital Forensics and Incident Response Poster Released


Awesome! All forensicators should download this!

Scooped by yk

OS X Folder Layout (Part 1)

In part 1 of this series, we begin to examine the file and folder structure of the OS X 10.7 installation. We look at the structure from the Finder (GUI), and the Terminal (Command Line).
Scooped by yk

A “LNK” to the Past | Symantec Connect Community


Using malicious LNK files and malware in a Thumbs.db in order to mount an attack:

"When we examine one of the .lnk files in the folder, we see it calls the Windows Command Prompt to execute the start command. This command is passed the thumbs.db file along with the corresponding image [...] as its parameters. Therefore, when the user double clicks on the .lnk file, they expect an image to appear, and it does, as they are presented with an actual image from a Tibetan protest. However, the thumbs.db binary (detected as Trojan.Dropper) is also executed, which drops multiple files onto the compromised computer."

Scooped by yk

Anatomy of a Gh0st RAT

"This document describes what I [Michael G. Spohn] learned during my analysis of the Gh0st RAT source code. I describe in great detail how the multiple binaries work together, the extensive capabilities of the malware, and the structure of the source code tree. I also explore how the malware compromises a host, its obfuscation and encryption methods, and how it communicates. Finally, I provide some tips on how to identify a host compromised by the RAT and how to defend against it."

Scooped by yk

quick post : utmp parser

I’m sharing another script that parses the utmp file.
• utmp_parser.py (download here)
As you know, the utmp file keeps track of the current login state of each user (but not for all programs),
even in...
Scooped by yk

A Case Study of Intelligence-Driven Defense

"The most naive analysis you can perform with a kill chain is to map the magnitude of effort the attacker has applied at each stage. If you do this for the mass-malware kill chain, the exploitation step clearly stands out. [...] This might indicate a capability gap and creates an opportunity for defense."

(via @c_APT_ure)

Scooped by yk

63% of website owners don't know how they were hacked | ZDNet

It’s bad enough when your website is hacked, but it’s even worse when you don’t know how it happened.
Scooped by yk

dfxml.pdf

"Digital Forensics XML (DFXML) is an XML language designed to represent a wide range of forensic information and forensic processing results. By matching its abstractions to the needs of forensics tools and analysts, DFXML allows the sharing of structured information between independent tools and organizations. Since the initial work in 2007, DFXML has been used to archive the results of forensic processing steps, reducing the need for re-processing digital evidence, and as an interchange format, allowing labeled forensic information to be shared between research collaborators. DFXML is also the basis of a Python module (dfxml.py) that makes it easy to create sophisticated forensic processing programs (or “scripts”) with little effort."

Scooped by yk

the nanyang post: FBI chief seeks allies to fight cyber crime

It's essential that private corporations and government agencies across the globe coordinate on cyber crime, Mueller said, in part because nefarious hackers are already forming alliances. "We must work together to safeguard ...