Autopsy - Autopsy 4.22.0: BitLocker Support, Cyber Triage Sidecar, Library Updates
Autopsy 4.22.0 includes BitLocker support, ability to run alongside Cyber Triage, and updates to lower-level libraries.
New Autopsy release is out!
It's been a minute, but it's out. Notable features are BitLocker support and it can run side-by-side with Cyber Triage. Plus, a bunch of library updates.
Now Cyber Triage and Autopsy can be used on the same case at the same time!
www.autopsy.com/autopsy-4-22...
11.03.2025 20:36
Elon Musk's claim the X DDoS is from "IP addresses originating in the Ukraine area" is missing a key fact - it was actually IPs from worldwide, not just Ukraine.
It's a Mirai variant botnet, made of compromised cameras. They specifically targeted a Twitter ASN which had origin servers not behind CF
10.03.2025 22:30
This is an important story.
The shitty part? I am Canadian, a court expert, I have offered my help to numerous Canadian orgs, lawyers and the Innocence Project.
Yet? I am only on dockets in Kansas, Oklahoma, and California through their indigent defense systems or NPOs.
Why? Wanna guess?
28.02.2025 11:51
Kash Patel Took $25,000 From Russia-Linked Firm to Appear on an Anti-FBI TV Series
The documentary was produced by a filmmaker tied to Russian propaganda efforts.
SCOOP: Kash Patel took $25,000 from a production company with ties to Russia propaganda activity to appear in an anti-FBI docuseries. He did not respond to questions about this.
www.motherjones.com/politics/202...
07.02.2025 21:36
From last month if you missed it - a gooder from @kennedycatherine.bsky.social
03.02.2025 20:21
#DFIR π of the day: Our knowledge base is built on sharing - community contribution is critical.
With ever-evolving tech, no examiner knows all - we constantly learn new things. Shared knowledge is required- blog, script, peer review, etc - Please share! You have something to contribute!
13.12.2024 20:31
A Reflection on Continual Growth in DFIR: An Investigative Mindset
Derek reflects on continuous improvement of the investigative mindset.
I wrote a blog post reflecting on what I read from Brett Shavers' book, Placing the Suspect Behind the Keyboard: DFIR Investigative Mindset.
02.12.2024 12:38
S2: DFIRmas Podcast: Alexis Brignoni
Instagram: @4n6_abrignoni | YouTube: Alexis Brignoni | BlueSky: @abrignoni.com | Podcast: Digital Forensics Now (DFN) | Resources: https://dfir.pubpub.org | The Importance...
ArcPoint Forensics DFIRmas Podcast Season 2 Episode 1 is out!
Topic: Validation
Guest: Me!
Subscribe to the channel for more interviews.
Check it out at the link below:
https://buff.ly/4g4U6sk
#DFIR #DigitalForensics #MobileForensics
09.12.2024 18:16
SentinelLab observed threat actor targeting service providers in Southern Europe abusing Visual Studio Code tunnels to maintain persistent remote access to compromised systems. www.bleepingcomputer.com/news/securit... KQL to detect such abuse.
10.12.2024 23:50
#DFIR π of the day: Training should educate examiners on going beyond tool results.
Here's why:
1) Validate tool findings - particularly "smoking gun".
2) Determine data meaning of results: how/why
3) Explain analysis results
4) Find unsupported artifacts
5) Adapt to change of supported artifacts
10.12.2024 11:46
New file structure might contain email related data in BFU extractions!!! Also spotlight related data.
An iLEAPP artifact is available.
Thanks to John Hyla for the research & parser.
Check the post here: https://buff.ly/41Cv3Zp
#MobileForensics
04.12.2024 23:37
From moi
04.12.2024 17:28
Detecting AiTM Phishing and other ATO Attacks
Detecting AiTM Phishing and other Account Takeover Attacks
academy.bluraven.io/blog/detecti...
#ThreatHunting #DetectionEngineering #Kusto #KQL #MicrosoftSentinel
23.11.2024 17:38
You are threat hunting? You use KQL? Then read this post and follow @attackthesoc.com
20.11.2024 22:08
WebScout
Online tool to collect domain/IP information:
- list of emails of domain (a very long list is given out upon free request)
- general domain info
- subdomains
- certificates
- similar domains
Partly free.
16.11.2024 07:30
The SANS OSINT Summit listing for Justin Seitz and Chris Atha's presentation named: Kangaroo Court & The Evidence Carnival: How OSINT Can Save the Digital Forensics Plague. The registration URL is https://www.sans.org/cyber-security-training-events/sans-osint-summit-2025/#agenda
Hey hey #OSINT family! It will have been 5 years since we all gathered in Alexandria, Virginia - we get to do it again!
www.sans.org/cyber-securi...
16.11.2024 13:00