NRW.social

6 Beiträge6 Beteiligte0 Beiträge heute

Natasha 👸Sidder og kigger på en image af en T68i fra digital corpera. Jeg har lavet lidt python til at trække billeder ud men det fungere ikke helt. Nogle der ligger inde med filsystem formatet for sådan en telefon?Eng: I am looking at an image of the storage in a T68i from digital corpera. I have written some simple python to extract pictures. But do anyone know about the storage layout of such phone?<a href="https://helvede.net/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://helvede.net/tags/4n6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#4n6</a> <a href="https://helvede.net/tags/mobile" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mobile</a>

b00010111"The Impact of Microsoft’s ReFS on DFIR" -> comparing NTFS evidences with ReFS. What stays, what changes and what will be gone. Recommended read! <a href="https://medium.com/@mathias.fuchs/the-impact-of-microsofts-refs-on-dfir-cdb78f401bfd" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://medium.com/@mathias.fuchs/the-impact-of-microsofts-refs-on-dfir-cdb78f401bfd</a> <a href="https://ioc.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://ioc.exchange/tags/ReFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ReFS</a> <a href="https://ioc.exchange/tags/NTFS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NTFS</a> <a href="https://ioc.exchange/tags/filesystems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#filesystems</a>

𝘾-rich<a href="https://lgbtqia.space/@alice" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@alice</a> Did this asshole already exfiltrate our data needed or is he really feeling pressure? <a href="https://infosec.exchange/@Kancept" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Kancept</a> <a href="https://mstdn.social/tags/sysmon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sysmon</a> <a href="https://mstdn.social/tags/logs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#logs</a># <a href="https://mstdn.social/tags/DLP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DLP</a> <a href="https://mstdn.social/tags/DPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DPI</a> <a href="https://mstdn.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://mstdn.social/tags/fuckdoge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fuckdoge</a>

Volexity :verified:New on the <a href="https://infosec.exchange/@volexity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@volexity</a> Blog: Multiple Russian threat actors are leveraging Signal, WhatsApp, and a compromised Ukrainian government email address to impersonate EU officials. This latest round of phishing attacks abuses first-party Microsoft Entra apps and OAuth to compromise targets.<a href="https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a>

Chris Sanders 🔎 🧠Investigation Scenario 🔎You have detected unauthorized modification to /etc/libaudit.conf on a Linux server. What do you look for to investigate whether an incident occurred and its impact? What could an attacker have done here?<a href="https://infosec.exchange/tags/InvestigationPath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InvestigationPath</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC</a>

Alexis Brignoni :python: :donor:Going back to work after the weekend is like...<a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a>

Andrea LazzarottoFuji is allowing digital forensics professionals all over the world to easily perform <a href="https://mastodon.social/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#macOS</a> full file system acquisition, without heavy licensing costs.This kind of feedback is really appreciated and helpful for spreading the word. A huge thank you to Cesar Amaya. 🙏Do you use <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> software in your <a href="https://mastodon.social/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> job? Tell others about it! Sharing is caring! 💪<a href="https://mastodon.social/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://mastodon.social/tags/MacForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MacForensics</a> <a href="https://mastodon.social/tags/AppleForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AppleForensics</a> <a href="https://mastodon.social/tags/FujiApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FujiApp</a> <a href="https://mastodon.social/tags/Fuji" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fuji</a><a href="https://www.linkedin.com/posts/activity-7318758583553167361-q9Br/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.linkedin.com/posts/activity-7318758583553167361-q9Br/</a>

Alexis Brignoni :python: :donor:Just like there is no self-made person there is no self-solved case.Give credit where credit is due to all that participated no matter how much or how little the contribution was.Stop sharing blame and start sharing the credit.<a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Google's GRR (GRR Rapid Response) is an open-source framework for remote live forensics and incident response. It allows security teams to investigate systems at scale without interrupting operations. Used for data collection, analysis, and hunting. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/google/grr" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/google/grr</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

cyb_detectiveDigital Forensic StartMe page- getting started guides - VM/distros - decoding tools - mobile forensics - network analysis - metadata tools - SANS posters/cheatsheets<a href="https://start.me/p/m60j2v/digital-forensics" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://start.me/p/m60j2v/digital-forensics</a><a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a>

Kevin Pagano - Stark 4N6 :verified:Minor version update for <a href="https://infosec.exchange/tags/Autopsy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Autopsy</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1</a>

SaltmyhashThis NLRB whistleblower complaint is a horror story for any CERT team. As a CTI/SOC analyst, if I see spawned powershell invoking web requests to some random-ass AI API reverse-engineering tool/headless browser repository, large outbound byte transfers measured in GBs, or conditional access policies/MFA being tampered with, you’re getting isolated and we’re standing up an incident response bridge. Also, someone on your team has an info stealer on their device if they’re seeing attempted logins from a foreign country within fifteen minutes of account creation. This is an insider threat case of the worst kind: one your security team gets to watch but can’t do a damn thing to stop. <a href="https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/tech-policy/2025/04/government-it-whistleblower-calls-out-doge-says-he-was-threatened-at-home/?comments-page=1#comments</a><a href="https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf</a><a href="https://infosec.exchange/tags/cti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cti</a> <a href="https://infosec.exchange/tags/soc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#soc</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Alexis Brignoni :python: :donor:Is the tool vendor provided training subject to tariffs too?<a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a> <a href="https://infosec.exchange/tags/SameContentForDoubleThePrice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SameContentForDoubleThePrice</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a>

DFN-CERT🐰 Rechtzeitig zu Ostern: neue Versionen von <a href="https://infosec.exchange/tags/Sleuthkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Sleuthkit</a> und <a href="https://infosec.exchange/tags/Autopsy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Autopsy</a> erschienen:<a href="https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.14.0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/sleuthkit/sleuthkit/releases/tag/sleuthkit-4.14.0</a><a href="https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/sleuthkit/autopsy/releases/tag/autopsy-4.22.1</a><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/Forensik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Forensik</a>

13reak :fedora:<a href="https://infosec.exchange/@chrissanders88" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@chrissanders88</a> Getting the volatile data first with velociraptor Windows.System.DLLs. (Maybe the dll is still loaded)Then of course, getting the dll from the file system. Maybe dumping it in a sandbox /checking the hash on virus total.Otherwise evidence of execution. I think e.g. AppCompatCache also lists dlls.<a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/velociraptor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#velociraptor</a>

Chris Sanders 🔎 🧠Investigation Scenario 🔎The process explorer.exe spawned rundll32.exe on a system on your network.What do you look for to investigate whether an incident occurred?Assume you have access to whatever digital evidence source you need.<a href="https://infosec.exchange/tags/InvestigationPath" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InvestigationPath</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/SOC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SOC</a>

Kevin Pagano - Stark 4N6 :verified:<a href="https://infosec.exchange/tags/Stark4N6" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stark4N6</a>: Tracking iOS App Installs and Purchase History with StoreUser DB <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://www.stark4n6.com/2025/04/tracking-ios-app-installs-and-purchase.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.stark4n6.com/2025/04/tracking-ios-app-installs-and-purchase.html</a>

Alexis Brignoni :python: :donor:Sadly some actually do 😬<a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/MobileForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileForensics</a>

The DFIR ReportPassionate about Digital Forensics and Incident Response? Want to share your expertise with the security community while collaborating with talented analysts worldwide?We're looking for volunteer analysts to join the team! We dive deep into real-world threats and publish monthly public reports detailing threat actor TTPs and how they achieve their goals.As part of the team, you will:➡️Analyze intrusion data and contribute to impactful DFIR reports. ➡️Help shape how we share findings 📄🎨 ➡️Collaborate with and learn from amazing analysts across the globe. ➡️Access our internal group to ask questions, share insights, and improve processes. 🧠 ➡️ Have the unique opportunity to present our collective findings at security conferences and talks! 🎤Ready to join the team? Follow the process ➡️ <a href="https://github.com/The-DFIR-Report/DFIR-Artifacts" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/The-DFIR-Report/DFIR-Artifacts</a><a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/DigitalForensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalForensics</a> <a href="https://infosec.exchange/tags/IncidentResponse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IncidentResponse</a> <a href="https://infosec.exchange/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThreatIntelligence</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

b00010111Sounds very handy: "This script is designed to automate the following operations: Mounting disk images (E01 or raw) Handling LVM volumes Automatically identifying and mounting partitions Exporting mounted partitions into E01 format if desired Safely unmounting and cleaning up devices and volumes when finished All mount operations are performed read-only, with noexec and other conservative options to preserve evidence integrity."<a href="https://www.hecfblog.com/2025/04/daily-blog-805-mount-that-thing.html?m=1" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.hecfblog.com/2025/04/daily-blog-805-mount-that-thing.html?m=1</a> <a href="https://ioc.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DFIR</a> <a href="https://ioc.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#dfir