Starting this post by admitting it took me a lot longer to get the answers to some of these questions than it should have, because I misunderstood some of the wording of the questions. I ended up going down a lot of RFC-related rabbitholes, only to find that certain parts were theoretical and others practical. Well, we all make mistakes, onto the post!
Week 3 is over! Well, it went for a couple of weeks, and is no longer active. But it was the third challenge!
This time we went looking into the PST file format, as well as identifying manipulated emails. I found this one a little bit easier than Week 4, which is currently giving me grief.
Back for week 2 of the Metaspike weekly CTF. This week we’ve been given an MSG file containing correspondence between two colleagues. I tried to do this one with entirely free tools again, but there’s a minor caveat that you do need access to Outlook to get the full MSG parsing experience.
Please let me know if there’s a way to do this without Outlook!
Creating disk images and virtual hard disks can be super useful for testing, which I’ll demonstrate in a future post (that I’ve mostly written, but needed this one to go out beforehand!)
I wrote this a while back, and have finally gotten around to posting it!
Recently tested the use of Certutil to download a file and look for the artefacts. I didn’t find much in the DFIR realm about what this might look like on a system so thought best to post it up!
I wanted to take a quick dive into this week’s Sunday Funday challenge but didn’t have a whole lot of time. I basically set a timer for an hour or so at the end of the day and found as much as I could, and then compiled it all today. Gotta set a time limit or else the rabbit-hole never ends 🙂
Oleg has already shared his answer and done a decent amount of work towards answering the questions. I’m not going to be reinventing the wheel a whole lot, just expanding on what has already been found.
(Note: I’m not going to be answering all of the questions)
It’s nomination time again for the Forensic 4cast Awards, held at the SANS DFIR Summit in Austin, Texas. I thought I would post up my nominations to recognise all the people and teams that have contributed to the #DFIR community over the last year.
There’s less than a week to go, so get your nominations in to show your appreciation!
Coming soon to a town near
DFRWS is expanding into APAC this year, with an inaugural event in Sydney to correspond with the IAFS conference.
I’m Workshop Co-Chair along with Matthew Simon so if you have some interesting ideas for workshops let me know soon.