621 matches found
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach
ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor. "ConnectWise recently learned of suspicious activity within our environment that we believe wa...
Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response
Large language models hold considerable promise for supporting forensic investigations, but their widespread adoption is hindered by a lack of transparency, explainability, and reproducibility. This paper explores how the emerging Model Context Protocol can address these challenges and support th...
New Malware Spotted Corrupts Its Own Headers to Block Analysis
Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server...
Digital Forensic Investigation of the ChatGPT Windows Application
The ChatGPT Windows application offers better user interaction in the Windows operating system OS by enhancing productivity and streamlining the workflow of ChatGPT's utilization. However, there are potential misuses associated with this application that require rigorous forensic analysis. This...
CVE-2024-47608
Logicytics is designed to harvest and collect data for forensic analysis. Logicytics has a basic vuln affecting compromised devices from shell injections. This vulnerability is fixed in 2.3.2...
CVE-2020-11723
Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys to authenticate to the ADB daemon on target devices. Extracted keys can be used to place evidence onto target devices when performing a forensic extraction...
Exploit for Use of Less Trusted Source in Apache Http_Server
CVE-2022-31813 Vulnerability Checker Author: Derek Odiorn...
Defining Atomicity (And Integrity) for Snapshots of Storage in Forensic Computing
The acquisition of data from main memory or from hard disk storage is usually one of the first steps in a forensic investigation. We revisit the discussion on quality criteria for "forensically sound" acquisition of such storage and propose a new way to capture the intent to acquire an...
In Search of Lost Data: a Study of Flash Sanitization Practices
To avoid the disclosure of personal or corporate data, sanitization of storage devices is an important issue when such devices are to be reused. While poor sanitization practices have been reported for second-hand hard disk drives, it has been reported that data has been found on original storage...
Mobius Forensic Toolkit 2.15
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...
On Technique Identification and Threat-Actor Attribution Using LLMs and Embedding Models
Attribution of cyber-attacks remains a complex but critical challenge for cyber defenders. Currently, manual extraction of behavioral indicators from dense forensic documentation causes significant attribution delays, especially following major incidents at the international scale. This research...
Apple'S Synthetic Defocus Noise Pattern: Characterization and Forensic Applications
iPhone portrait-mode images contain a distinctive pattern in out-of-focus regions simulating the bokeh effect, which we term Apple's Synthetic Defocus Noise Pattern SDNP. If overlooked, this pattern can interfere with blind forensic analyses, especially PRNU-based camera source verification, as...
Towards a Standardized Methodology and Dataset for Evaluating LLM-Based Digital Forensic Timeline Analysis
Large language models LLMs have seen widespread adoption in many domains including digital forensics. While prior research has largely centered on case studies and examples demonstrating how LLMs can assist forensic investigations, deeper explorations remain limited, i.e., a standardized approach...
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
CVE-2025-31324 Zero-Day SAP Vulnerability & Compromise Assessm...
The remote desktop puzzle. DFIR techniques for dealing with RDP Bitmap Cache
TL;DR How RDP Bitmap Cache can reveal user activity No RDP logs? How can we reconstruct RDP activity? How cached tiles can uncover insider threats Introduction A lot of people are aware of RDP and what its functions are. It’s known for providing remote access and making life easier for...
Unallocated space analysis
TL;DR Unallocated space retains remnants of deleted files, metadata, logs, caches, and other artefacts. This is useful if a user attempts to cover their tracks, delete files, reformat drives, or use anti-forensic tools. These remnants can help reconstruct user actions exposing data exfiltration...
Bytesrevealer - Online Reverse Enginerring Viewer
Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...
Mobius Forensic Toolkit 2.14
Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools...
5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS...
How Garmin watches reveal your personal data, and what you can do
TL;DR A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques How digital forensics on a Garmin watch helped solve a double murder case A comparison of Garmin's privacy with other brands including Fitbit, Apple, and Samsung Understand the security and privacy...