Android is one of the most open, versatile, and customizable mobile operating systems out there. Android is a Linux-based operating system with a 79.70 percent share of the smartphone market. Android is a software stack for mobile devices that includes an operating system, middleware and key applications.
Everybody has a story. Everybody has a reason about why they ended up in the Digital Forensic...
The US government has moved to drop several charges against journalist and activist Barrett...
Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code.
The situation was that we had a Windows system that had been compromised ... the bad guy had accessed the system using stolen credentials, then used it to move laterally to other systems. Between this and the response activities, the system had been infected with malware that overwrites and deletes files.
It has been over six months since Edward Snowden’s unprecedented NSA leaks, and we are still a long way from being able to assess the damage. Web services companies are taking notice, and we have already seen some very useful artifacts disappear.
Bills introduced recently at the state level, if they become law, could bar many technology companies from doing business not only with the NSA, but also with state and local government entities.
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. The things they are doing, and by they I mean the attackers, are in some instance ingenious. I think you’ll agree that this case falls into that category.
NIST's National Cybersecurity Center of Excellence has proposed two new cybersecurity building blocks, one to help organizations develop capabilities for attribute-based access control, and the other to help address enterprise security issues that result from the use of mobile devices to access company resources.
We begin with OJ TheColonial Reeves' new optimized sub encoding module (opt_sub.rb). As the name implies, this encoder takes advantage of the SUB assembly instruction to encode a payload with printable characters that are file-path-friendly. Encoders like this are incredibly useful for developing a memory corruption exploit that triggers a file path buffer overflow, where you typically have a pretty limited character set to work with.
Authorities around the world are grappling with how to regulate virtual currency in the wake of the implosion of Mt. Gox, a prominent trading platform for Bitcoin.
FireEye has just released its 2013 Advanced Threat Report (ATR), which provides a high-level overview of the computer network attacks that FireEye discovered last year. In this ATR, we focused almost exclusively on a small, but very important subset of our overall data analysis — the advanced persistent threat (APT).
Last week’s story about steeply falling prices on credit and debit card data stolen from Target mentioned several reasons why many banks may not have already reissued all of their cards impacted by the breach. But it left out one other key reason: A huge backlog of orders at companies that manufacture credit and debit cards on behalf of financial institutions.
The Application Experience and Compatibility feature ensures compatibility of existing software between different versions of the Windows operating system. The implementation of this feature results in some interesting program execution artifacts that are relevant to Digital Forensics and Incident Response (DFIR).
About a month ago, I was involved in an investigation that revealed a targeted attacker using an interesting variation of a well-known persistence mechanism – a technique that is relevant both to incident responders hunting for evil and penetration testers looking to add post-exploitation methods to their toolkit. Today, I’m going to talk about this persistence mechanism and discuss some ways to go about identifying it in your environment.
Microsoft Office 2013 continues to yield very interesting artifacts related to user activity. Harlan posted recently about the "PendingChanges" subkeys associated with PowerPoint, and I have previously posted about MS Word's "Reading Locations" subkeys as well as the last saved location metadata in Excel 2013 spreadsheets.
Cyber Crime is all about the money. It motivates most cyber crooks, from hackers penetrating company networks looking for information to sell or exploit, through the operators of online underground marketplaces, to DDoSers hired to take out a rival firm's web infrastructure.
Recently I have had cause to look again at how the Apple Safari web browser stores cache. The introduction of OSX Lion brought some changes in that a new table cfurl_cache_receiver_data was created within the SQLite cache.db database and used to store the cached item as a binary large object in the receiver_data field. Previously this field was within the cfurl_cache_blob_data table.