Analyzing an Instance of Meterpreter’s Shellcode

In my previous post on detecting and investigating Meterpreter's Migrate functionality, I went down a rabbit hole on the initial PowerShell attack spawned by an Excel macro. In that payload was a ...

How to Forensically Examine Phishing Emails

Learn about the warning signs that can help you identify phishing and how to confirm your suspicions with a forensic examination of the email header. In the fight to safeguard data, one ...

Shmoocon 2020 – Alissa Gilbert’s ‘Anti-Forensics For Fun And Privacy’

Thanks to 0xdade for publishing these outstanding Shmoocon 2020 Convention videos via the 0xdade YouTube channel and the 0xdade Shmoocon 2020 Playlist for everyone to view, learn from and, of course, enjoy ...

Discovered Artifacts in Decrypted HTTPS

We released a PCAP file earlier this year, which was recorded as part of a live TLS decryption demo at the CS3Sthlm conference. The demo setup used PolarProxy running on a Raspberry ...
Erik presenting PolarProxy at CS3Sthlm, photo credit: CS3Sthlm

Sharing a PCAP with Decrypted HTTPS

Modern malware and botnet C2 protocols use TLS encryption in order to blend in with 'normal' web traffic, sometimes even using legitimate services like Twitter or Instagram. I did a live demo ...

Dark Web Site Taken Down without Breaking Encryption

The US Department of Justice unraveled a dark web child-porn website, leading to the arrest of 337 people in at least 18 countries. This was all accomplished not through any backdoors in ...

SANS DFIR, Jason Jordaan’s ‘Understanding The Forensic Science In Digital Forensics’

Thanks to SANS for publishing these superlative SANS DFIR videos on their SANS DFIR YouTube Channel ...

Webinar: Wireshark for Hackers

Register Now for a Packet Level Foundation in Incident Response! Join Laura Chappell as she demonstrates Wireshark’s use as a network forensics tool. Laura will walk you through some tricks used to ...

42% of used drives sold on eBay hold sensitive data, researchers find

Selling your old hard drive on eBay may sound like a good way to squeeze a few extra bucks from unused hardware, but not if you don’t erase the data properly. A ...

Popular Computer Forensics Top 21 Tools [Updated for 2019]

Computer forensics is a very important branch of computer science in relation to computer- and Internet-related crimes. Earlier, computers were only used to produce data, but now their role has expanded to ...