What if a ransomware variant decided to demand a subscription style payment?
Every organic profession begs the responsibility of staying up-to-date on new trends and expanding one's knowledge as far outward as possible. This is unconditionally true with the health, legal, engineering, and more specifically for our purposes the DFIR, realms. However, a question has been bouncing around in my head, not about this universal truth, but... Continue Reading →
We are all aware that Digital Forensics, like most other fields, has many misconceptions ingrained in its daily work. The immense separation between the technical knowledge and the general public creates an overwhelming disconnect that I believe should be worked on. With the hopes of closing this separation, here is quick answer to a common... Continue Reading →
Unabridged and vastly underestimated, often is the potentially dense quality of indirect digital forensic data. Sometimes the most prime sources of information lays not within an event's data, but the data that is produced --about-- the data. What is Metadata and why is it important? The shorthand answer: Metadata is informational data/statistics/descriptors of other pieces of... Continue Reading →
Is it alright if my company's IT employees perform initial forensic work so I can save money? Review what the best practice is.
Along my hunt for useful forensic data stored within everyday Windows 10 store applications, I decided to take a look at the popular application "Netflix". Although the locally stored data I found doesn't necessarily have adequate standalone forensic use, some user-action related data does exist. Findings:The Windows 10 store application 'Netflix' can be found under a... Continue Reading →
Can you tell if a USB storage drive was plugged into a specific computer? Data exfiltration --and introduction-- through USB storage devices can be a plausible concern in an overabundance of situations. Whether an employee is leaving your company, new malware found its way onto your system, or you just want to see if any... Continue Reading →
Quick, how do I find all user accounts on a Windows PC and their login count? Sometimes you might need to find what user accounts exist on a system, and other times it could just help narrow down your work. Regardless, it is always beneficial to know as much case background information as... Continue Reading →