Forensics StartMe Updates (5/1/2023)

Skip to main content

Search This Blog

Forensics StartMe Updates (5/1/2023)

Posted by Kevin Pagano May 01, 2023

Get link
Facebook
X
Pinterest
Email
Other Apps

Shortlink: startme.stark4n6.com

If people have suggestions for additions please feel free to shoot me a message on Twitter (@KevinPagano3) or Mastodon.

Blog Feed

DFIR_NZ - Ian D

DFIR YouTube Feed

Forensic Tools

FEX Imager - GetData Forensics

SIDR - Search Index Database Reporter

Timesketch - Collaborative forensic timeline analysis

Network / Cloud Tools

Microsoft-Extractor-Suite - PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes

Other Utilities

OSFClone - PassMark

OSFMount - PassMark

PE / Malware Tools

Noriben - Portable, Simple, Malware Analysis Sandbox

SANS Posters & Other Cheat Sheets

iOS Forensics References - RealityNet

Useful Links

SANS Blue Team Wiki

StartMe updates

Get link
Facebook
X
Pinterest
Email
Other Apps

Archive

December 20241
October 20241
May 20241
April 20242
March 20244
February 20241
January 20243
December 20231
October 20233
September 20232

Show more Show less

Popular Posts

StartMe Up (Forensic Edition)

As part of my own benefit I created a Start.Me page for a bunch of FOSS forensic tools and utilities that I currently have in my toolkit. I've also included RSS feeds for blogs I follow as well as YouTube channels and some other links to sites I frequent. You can access it at startme.stark4n6.com or preview it below (embedding on Blogger isn't the best). If anyone has suggestions on more items to add or links please feel free to reach out to me on Twitter @KevinPagano3 . *Cues The Rolling Stones*

Cellebrite CTF 2021 - Heisenberg's Android

Cellebrite is back with another CTF competition and this year's takes it up a notch. I want to start by giving major props to Heather, Paul, Ronen, Sahil and Ian for putting on a great competition . Now lets get started with the walkthroughs. First up, is the Samsung Note 10 owned by "Heisenberg". Evidence : https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Heisenberg_SM-N970U1_QualcommLive_2021-07-22.zip Password : 02DB2ECE91DB67E8FA939FC3DC15D16B Device Identification (10 points) What is the Bluetooth MAC Address of the first vehicle Heisenberg's Android connected to? Pulled from the file at the following path: Dump\data\misc\bluedroid\bt_config.conf We get bluetooth connections which we can easily see in the ALEAPP report below that the answer was " 34:C7:31:F8:61:3B ". Figure 1: Bluetooth connections report in ALEAPP Application Analysis (10 Points) Which website did Heisenburg look for guidance on how to mount a USB drive on his phone? (The answer sh...

Magnet User Summit 2023 CTF - Android (Part 1)

Previous: Cipher | Android (Part 2) I was a bit anxious to get my hands on a new Android image because it's one of my favorite types of evidence to examine. This year's onsite Magnet User Summit CTF used another Pixel image with a plethora of questions to answer. As such I have broken the writeup into two parts, the first covering 21 questions ranging from 5-10 points. The second covers 18 questions ranging from 15-75 points. Here is part one: Evidence: Google Pixel 3a XL Tools Used: ALEAPP v3.1.7 Magnet AXIOM v7.0 Timeline Explorer v1.3.0.0 So much social media... Need a good handle... (5 points) What username was used for Twitter? This information can be found in two locations: data\system_ce\0\accounts_ce.db data\system_de\0\accounts_de.db Both show listings for Twitter authentication. We can see the account name used was " LTina1900 ". Figure 1: Accounts_ce report in ALEAPP Generic web surfing (5 points) What was the default browser used on this device? The devi...

© 2021 STARK 4N6

Powered by Blogger