Memory forensics is the science of analyzing computer memory, both volatile and non-volatile, to reveal a vast array of analytical points about the state the machine was in when the memory image was acquired. Memory forensics is paramount to the analysis of a computer system’s volatile memory, which contains numerous artifacts that may prove useful during a digital forensics investigation.
The proliferation of USB devices is not only an added convenience to users but also a hindrance to network and information security, since the same devices can be used for nefarious purposes. This is why the ability to examine USB device history and files is critical to digital forensic investigations. This assignment walks through the basic forensic examination process for USB drive artifacts.
This assignment was performed using Windows 10 running as a virtual machine inside the VMware Fusion 8 hypervisor, with macOS Sierra as the host operating system. The first step is to wipe the hard drive clean in order to achieve uncontaminated results during the experiment. After a short search, I decided to use a freeware program called “Disk Wipe v1.7”. For the sake of time, I decided to wipe the USB drive using the one-pass zero option, which basically writes a pattern of zeroes across the entire drive’s file system, ensuring that no remnants of any prior data remain.
Below is the IR script that I produced for Windows systems. The test machine was Windows Server 2016 Core running inside VMware Fusion 8. I’ve included some tools for the most commonly requested information. As an incident handler, I believe it is better to use the least complicated tools possible to get the job done, therefore avoiding unnecessary complications that run the risk of jeopardizing an incident response investigation. Batch scripting is also within my comfort zone. Another benefit of batch scripting is that batch scripts require the least amount of time to prepare and have proven to be very reliable across multiple operating system versions.
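As an added example (not the assignment’s own script, which is not reproduced on this page), the following batch file collects the information an incident handler most commonly asks for, in order of volatility, and also pulls the USB device history and the Shellbag registry keys discussed elsewhere on this page. The output folder layout, the file numbering and the :run helper are my own choices; every command it calls is a standard Windows tool (tasklist, netstat, reg, wevtutil, certutil) rather than anything from the original script.

```batch
@echo off
setlocal EnableExtensions
rem Constructed example of a Windows incident-response triage script
rem (not the assignment's own script). Run from an elevated cmd prompt,
rem preferably from trusted tools on removable media, and write the
rem results to that media rather than to the suspect system's disk.
rem Usage: ir_triage.cmd [output_root]   (default: the script's own folder)

if "%~1"=="" (set "ROOT=%~dp0") else (set "ROOT=%~1\")

rem Locale-independent timestamp (YYYYMMDDhhmmss) for the output folder name;
rem the substring cut also drops the trailing carriage return that wmic emits.
set "STAMP="
for /f "skip=1 tokens=1" %%T in ('wmic os get LocalDateTime') do if not defined STAMP set "STAMP=%%T"
set "STAMP=%STAMP:~0,14%"
set "OUT=%ROOT%IR_%COMPUTERNAME%_%STAMP%"
mkdir "%OUT%" 2>nul
set "LOG=%OUT%\00_collection_log.txt"
echo Collection started %DATE% %TIME% on %COMPUTERNAME% by %USERNAME% > "%LOG%"

rem --- Most volatile data first: processes, network, sessions ---
call :run 01_processes_verbose.txt tasklist /v
call :run 02_processes_services.txt tasklist /svc
call :run 03_netstat.txt netstat -ano
call :run 04_ipconfig.txt ipconfig /all
call :run 05_arp_cache.txt arp -a
call :run 06_routes.txt route print
call :run 07_net_sessions.txt net session
call :run 08_shares.txt net share
call :run 09_logged_on_users.txt query user

rem --- System, account and service state ---
call :run 10_systeminfo.txt systeminfo
call :run 11_whoami.txt whoami /all
call :run 12_local_users.txt net user
call :run 13_local_admins.txt net localgroup administrators
call :run 14_scheduled_tasks.txt schtasks /query /fo LIST /v
call :run 15_services.txt sc query state= all

rem --- Registry: autoruns, USB device history, shellbags ---
call :run 16_hklm_run.txt reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
call :run 17_hkcu_run.txt reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
rem USBSTOR records vendor, product and serial for USB storage devices that were attached.
call :run 18_usbstor.txt reg query HKLM\System\CurrentControlSet\Enum\USBSTOR /s
rem Shellbag keys (Explorer folder view settings) from both of the current user's hives.
call :run 19_shellbags_ntuser.txt reg query HKCU\Software\Microsoft\Windows\Shell\BagMRU /s
call :run 20_shellbags_usrclass.txt reg query "HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU" /s

rem --- Event logs, exported in native .evtx format so they can be parsed offline ---
for %%L in (System Security Application) do wevtutil epl %%L "%OUT%\%%L.evtx" 2>> "%LOG%"

rem --- Integrity record: SHA-256 of every collected file, for chain of custody ---
echo Collection finished %DATE% %TIME% >> "%LOG%"
for %%F in ("%OUT%\*.txt" "%OUT%\*.evtx") do certutil -hashfile "%%F" SHA256 >> "%OUT%\hashes.sha256"
endlocal
goto :eof

rem :run <output file> <command ...>
rem Logs the command with a timestamp, then runs it with stdout and stderr
rem redirected to the named file under %OUT%. The substring expansion strips
rem the first token (the file name) from %* to recover the command line.
:run
set "FILE=%~1"
set "CMD=%*"
set "CMD=%CMD:* =%"
echo [%TIME%] %CMD% >> "%LOG%"
%CMD% > "%OUT%\%FILE%" 2>&1
goto :eof
```

The hash file is deliberately named without a .txt extension so the hashing loop cannot pick up its own output, and the log is closed (the "finished" line written) before it is hashed. Each command’s errors go into its own output file, so a tool that is missing on a Core installation produces an error record rather than halting the collection.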
One forensic tool that can be used to analyze this type of data is EnCase Forensic, available commercially; another is SIFT, the freely downloadable open-source digital forensics toolkit from SANS.
Windows
1. Shellbags: registry keys used by Windows systems to maintain the size, position, icon, and view settings of folders browsed in Windows Explorer.
(Importance) Shellbags are of significant value to a forensic investigator because of the clues they leave behind, which can easily be recovered by parsing them. These include modifications to files, timestamps, and size.
A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)[1].
It is essential, in today’s society, for businesses to have an online presence in order to be fully capable of engaging in e-commerce and staying competitive. As a result, it is imperative that businesses protect their data and put IT security at the forefront of everything they do, online and off. With the advancement of new technologies come opportunities for businesses to fall victim to scams through various attack vectors, some of the most popular being social engineering and online computer network infiltrations.
Putter Panda is a criminal hacker organization based out of China that has been linked to numerous cyber espionage events against American and European governments and corporations. The group is linked to China’s shadow army, known as Unit 61486 of the 12th Bureau of the People’s Liberation Army’s 3rd General Staff Department.
Putter Panda is accused of launching Advanced Persistent Threat (APT) style espionage campaigns against American- and European-based space and defense companies. The group’s primary motivation is economic advancement and accelerating time to market for knock-off technologies[1].