Taking Forensic Disk Images from the OVH Cloud

Breach, DFIR, forensics, Incident Response
This article explains how a disk image can be taken from a virtual machine running on the public cloud. The acquired disk image can then be used with offline forensic tools like ...

Mini Memory CTF - A Memory Forensics Challenge

Carving Packets from Memory

Someone who says 'We're gonna pull the packet captures out of the router' probably has no clue how to capture network traffic. In the Lindell case, statements like these were results of ...

Risks of Evidentiary Software

Over at Lawfare, Susan Landau has an excellent essay on the risks posed by software used to collect evidence (a Breathalyzer is probably the most obvious example). Bugs and vulnerabilities can lead ...

Introducing NetWitness Cloud SIEM: All the Power Without the IT

NetWitness is the security and compliance choice for the world's largest, most complex and most security-conscious organizations. NetWitness Cloud SIEM makes it easy for organizations of any size and type to ...

NetWitness - A Brief History of an Iconic Threat Detection & Response Platform

The history of NetWitness reflects the continuous evolution of threats and bad actors. Begun as a government intelligence research project, NetWitness has earned a reputation as the most powerful detection and forensics ...

More SolarWinds News

Microsoft analyzed details of the SolarWinds attack: Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was ...

Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...

How to Forensically Examine Phishing Emails

Learn about the warning signs that can help you identify phishing and how to confirm your suspicions with a forensic examination of the email header. In the fight to safeguard data, one ...

Shmoocon 2020 – Alissa Gilbert’s ‘Anti-Forensics For Fun And Privacy’

Thanks to 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn and, of course, enjoy ...

Discovered Artifacts in Decrypted HTTPS

We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...