Tracking Down a Suspect through Cell Phone Records

Interesting forensics in connection with a serial killer arrest: Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner ...

Identifying the Idaho Killer

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The ...

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of ...

How to Break Into a Cybersecurity Career – Digital Forensics and Incident Response (DFIR)

Matt Scheurer, host of the ThreatReel Podcast and Assistant Vice President of Computer Security and Incident Response in a large enterprise environment, joins us to discuss starting a career in digital forensics ...

Network Traffic Observability: Three PacketStreamer Use Cases

A few weeks ago, we announced a new open source project called PacketStreamer, which provides a simple, lightweight, scalable technique for capturing and streaming packets from virtualized environments (K8s, VMs, AWS Fargate) ...

Dark Web Marketplace Vendor Forensics

Tags: csu, forensics, Privacy
Researchers claim that the majority of the dark web exists to facilitate criminal activities, including drug trade, financial fraud, and illegal pornography. This article explores the different methods researchers have experimented with ...

Taking Forensic Disk Images from the OVH Cloud

Tags: Breach, csu, DFIR, forensics
This article explains how a disk image can be taken from a virtual machine running on the public cloud. The acquired disk image can then be used with offline forensic tools like ...

Mini Memory CTF - A Memory Forensics Challenge

Carving Packets from Memory

Someone who says 'We're gonna pull the packet captures out of the router' probably has no clue how to capture network traffic. In the Lindell case, statements like these were results of ...

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead ...

Introducing NetWitness Cloud SIEM: All the Power Without the IT

NetWitness is the security and compliance choice for the world's largest, most complex and most security-conscious organizations. NetWitness Cloud SIEM makes it easy for organizations of any size and type to ...