Channel: Crucial Security Forensics Blog » Digital Forensics
Browsing all 10 articles

Addressing Malware Issues from an Operational Perspective

By: Michael Robinson For approximately four years, I was responsible for the operation of a Local Area Network (LAN). Over that time the user population and data stored on the LAN more than the...


Virtual Machine Data Recovery Using the Open VMFS Driver

By: JD Durick While forensic evidence can be recovered from hypervisor-based virtual environments (VMware’s ESXi server) used to host virtual machines through other known methods, this blog will focus...


A Thought Provoking Way of Analyzing wtmp Files

By Mark Wade I was recently analyzing a FreeBSD computer system and was trying to determine from the wtmp files who had logged into the system, from what remote IP addresses, into what account and...


The Apple System Log – Part 1

By Sarah Edwards The Apple System Log was introduced in Mac OS 10.4 as a substitute for the syslog message logging functionality. These ASL files contain a variety of information that can be of use to...


Decoding Data Exfiltration – Reversing XOR Encryption

By: Brian Hussey One of the first and most important questions that intrusion analysts are asked after a network attack is “did they steal anything?”. And if so, “what did they take?”. Often, this is...


The Apple System Log – Part 2 – Console.app

By: Sarah Edwards Compatibility Note: This article was written using Console.app on 10.6 – 10.7 changes slightly but still contains the functionality contained in this article (actually more, check out...


How can VMware’s Virtual Disk Development Kit help the forensic examiner?

By: JD Durick Many times during forensic examinations, the analyst will virtualize an acquired raw disk image given to them as a way of assisting in the overall investigation to help in the detection...


Harris @ DoD Cyber Crime Conference 2012

For all those readers attending the DoD Cyber Crime Conference, please don’t forget to visit us at booth #509. We love to talk nerd and you can meet some of this blog’s authors. We’re always looking to...


On the Difficulty of Autonomous Pornography Detection

By: John Ortiz INTRODUCTION: I was watching the news the other day and saw a news report about a new product that claimed to be able to detect pornography on a PC. Fascinated, and knowing what a...


Reading Mac BSM Audit Logs

By: Sarah Edwards The audit trail logs provide security related information, in particular user login/logoff data. By default, these logs record a user logging in and logging off via the login screen,...
