DIGITAL FORENSICS CORNER – 1

Some insightful resources that might be helpful:

1: This Cellebrite Capture the Flag (CTF) write-up links to many of the free, open-source tools it uses, and is worth a read to understand the commands found in the post.

https://ciofecaforensics.com/2020/11/02/cellebrite-ctf-ruth

2: Evidence-collecting tools for fast forensics: concepts, process, and methods for Windows-based machines. The second link describes a first triage/live-response script (a simple Windows batch script); the problem seemed like a simple one: collect artifacts and telemetry from an endpoint and save them to a locally attached USB drive for analysis.

https://medium.com/@soji256/evidence-collecting-tools-for-fast-forensics-f4ee952f32bb
http://www.musectech.com/2020/11/building-collection-tool-part-i.html?m=1
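
As an added example (not the page's script, nor the one from either linked post), here is a minimal PowerShell live-response collector in the same spirit: it pulls volatile state first (processes, sockets, logged-on users), then persistence (services, startup entries, scheduled tasks, local accounts), writes everything to a timestamped folder on the USB drive, and finishes with a SHA-256 manifest so a second examiner or tool can verify the outputs later. It assumes PowerShell 5.1 on Windows 10 / Server 2016 or later, an elevated prompt, and that the USB drive is mounted at E:\ (override with -DriveRoot). Running any collector changes the host (a new process, prefetch entries, file access times), so every step is logged with a timestamp.

```powershell
# Added example: minimal live-response triage collector.
# Assumptions (not from the original page): USB drive at E:\, elevated prompt,
# PowerShell 5.1+ on Windows 10 / Server 2016+.
param(
    [string]$DriveRoot = 'E:\'
)

$hostName = $env:COMPUTERNAME
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir   = Join-Path $DriveRoot ("triage-{0}-{1}" -f $hostName, $stamp)
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Collection log: each step is timestamped so the examiner can later separate
# what the collector itself did on the host from what the suspect did.
$log = Join-Path $outDir 'collection.log'
function Write-Log([string]$msg) {
    ("{0} {1}" -f (Get-Date -Format 'o'), $msg) | Out-File -FilePath $log -Append -Encoding utf8
}

# Run one collector, write its rows as CSV, and log success or failure
# without aborting the rest of the collection.
function Save-Csv([string]$name, [scriptblock]$collector) {
    $path = Join-Path $outDir "$name.csv"
    try {
        $ErrorActionPreference = 'Stop'   # make non-terminating errors catchable
        Write-Log "START $name"
        & $collector | Export-Csv -Path $path -NoTypeInformation -Encoding utf8
        Write-Log "OK    $name"
    } catch {
        Write-Log "FAIL  $name : $($_.Exception.Message)"
    }
}

Write-Log "Collector started on $hostName by $env:USERNAME"

# Order of volatility: RAM-resident state first, then persistence and
# configuration that survives a reboot.
Save-Csv 'processes' {
    Get-CimInstance Win32_Process |
        Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine, CreationDate
}
Save-Csv 'tcp_connections' {
    Get-NetTCPConnection |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, CreationTime
}
Save-Csv 'udp_endpoints' {
    Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort, OwningProcess, CreationTime
}
Save-Csv 'logged_on_users' {
    Get-CimInstance Win32_LoggedOnUser |
        Select-Object @{n='User';e={$_.Antecedent.Name}}, @{n='Domain';e={$_.Antecedent.Domain}}, @{n='LogonId';e={$_.Dependent.LogonId}}
}
Save-Csv 'services' {
    Get-CimInstance Win32_Service | Select-Object Name, DisplayName, State, StartMode, PathName, StartName
}
Save-Csv 'startup_commands' {
    Get-CimInstance Win32_StartupCommand | Select-Object Name, Command, Location, User
}
Save-Csv 'scheduled_tasks' {
    Get-ScheduledTask | Select-Object TaskName, TaskPath, State, Author,
        @{n='Actions';e={($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join ' | '}}
}
Save-Csv 'local_users' {
    Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
}

# Host facts and a week of logon / process-creation / account-creation events.
systeminfo | Out-File -FilePath (Join-Path $outDir 'systeminfo.txt') -Encoding utf8
Write-Log "OK    systeminfo"
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624,4625,4688,4720; StartTime=(Get-Date).AddDays(-7)} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Export-Csv -Path (Join-Path $outDir 'security_events_7d.csv') -NoTypeInformation -Encoding utf8
Write-Log "OK    security_events_7d"

# Integrity manifest, written last: the log is closed before hashing so that
# collection.log is itself covered by the manifest.
Write-Log "Collection finished; hashing outputs"
$manifest = Join-Path $outDir 'SHA256SUMS.txt'
Get-ChildItem -Path $outDir -File | Where-Object { $_.Name -ne 'SHA256SUMS.txt' } |
    ForEach-Object {
        $h = Get-FileHash -Path $_.FullName -Algorithm SHA256
        "{0}  {1}" -f $h.Hash, $_.Name
    } | Out-File -FilePath $manifest -Encoding ascii
Write-Host "Triage output written to $outDir"
```

Run it as `.\Collect-Triage.ps1 -DriveRoot 'F:\'` from an elevated PowerShell (a hypothetical file name). The manifest is what makes the output usable as evidence: re-run `Get-FileHash` on the folder later and any mismatch means the collection was altered after the fact, which is exactly the kind of cross-check with a second tool that the notes at the end of this page recommend.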

3: Threat-hunting tool output includes clear signs of both malicious activity and legitimate traffic. Legitimate traffic that lands in the list of potential issues is a false positive: traffic incorrectly flagged as potentially malicious.

https://www.activecountermeasures.com/threat-hunting-false-positives/

4: CTFs and #DFIR forensic test images have been moved to their own page, to make it easier to find something to practice on or practice with. There are dozens of listings now, with hundreds more being added.

https://www.dfir.training/ctfs-images

5: 25 Days, 25 Questions on Digital Forensics Lab and Tool Standards by Sh. Santosh Khadsare, digital forensics expert. Every day a question was posed to the enthusiastic digital forensics community for the following purposes:

  • Creating a common forum for the DFIR professionals to interact and share their thoughts.
  • Increasing the core knowledge base in an interactive mode.
  • Networking with professionals who are working in this niche area.

https://www.forensicfocus.com/articles/25-days-25-questions-part-4-lab-and-tool-standards/

6: Malware-IR-Tools-Resources, a GitHub repository shared by Sh. Shilpesh Trivedi, malware analyst; this repo contains resources for the following:

Malware analysis, threat hunting, incident response, threat intelligence, etc.

https://github.com/ShilpeshTrivedi/Malware-IR-Tools-Resources

My two cents:

  • Analysts or examiners should also focus on manual analysis of these artefacts rather than blindly depending on automated parser tools.
  • While doing any analysis, it is also important to know where to find the specific forensic artifacts related to the incident.
  • DO cross-examine with at least two tools for better results.

Also read the free study resources on digital forensics: https://d3pakblog.wordpress.com/2017/08/02/d34n6-tutorial/

Disclaimer: These resources are provided “as is” for informational and educational purposes only; inclusion is not an endorsement.
