Episodi
-
In the final episode of Chewing the FAT, Phil & Adam discuss bringing Chewing the FAT to a close, plus we run through some of the recent Digital Forensics industry news.
Phil & Adam also introduce their new podcast Forensics Reformatted where you can continue to be conscious of time.
SANS - Truth about USB and Disk Drive serial numbers
https://www.sans.org/blog/the-truth-about-usb-device-serial-numbers/
Github - DFIR Community Book
https://github.com/Digital-Forensics-Discord-Server/CrowdsourcedDFIRBook/
Github - Control-F - MIFT (newly open sourced tool)
https://github.com/controlf/mift
New(ish) Command Line tools for Linux
https://jvns.ca/blog/2022/04/12/a-list-of-new-ish--command-line-tools/
Examining A Malware-Infected Android Phone. This Android Is Not Alright.
https://thebinaryhick.blog/2022/04/09/examining-a-malware-infected-android-phone-this-android-is-not-alright/
The Unified Cyber Ontology Transitions to Linux Foundation
https://cyberdomainontology.org/2021/12/07/UCO-transitions-to-LF.html
Magnet Summit 2022
https://twitter.com/hashtag/MagnetSummit2022?src=hashtag_click
[Air]Tag You're It! - Chris Vance @cScottVance
https://blog.d204n6.com/2022/04/airtag-youre-it.html
GalliumOS - A fast and lightweight Linux distro for ChromeOS devices
https://galliumos.org
What's the Buzz - Bumble on iOS - Kevin Pagano
https://www.stark4n6.com/2022/04/whats-buzz-bumble-on-ios.html
CWA:
Article link
https://www.cencenelec.eu/news-and-events/news/2022/eninthespotlight/2022-04-12-for-mobile/
Download link
https://www.cencenelec.eu/media/CEN-CENELEC/CWAs/RI/cwa17865_2022.pdf
Forensics Reformatted - The new show:
https://anchor.fm/4n6reformatted
Hosted on Acast. See acast.com/privacy for more information.
-
In episode number 11 of Chewing the FAT, Phil & Adam discuss Finding Flags and Pulling Pints with special guest Kevin Pagano! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Due to the amount of news and links please view the description on our YouTube Page for full links:
Chewing the FAT - YouTube
Formobile:
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
Episodi mancanti?
-
In episode number 10 of Chewing the FAT, Phil & Adam discuss Formobile & Forensic Freebies with special guest Phil Cobley! plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Due to the amount of news and links please view the description on our YouTube Page for full links:
Chewing the FAT - YouTube
Formobile:
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
In episode number 9 of Chewing the FAT, Phil & Adam discuss ribbons, RabbitHoles and rock with special guest Alex Caithness plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Alex Caithness:
Shouty Band
Sailing Stones | LongFallBoots (bandcamp.com)
RabbitHole:
RabbitHole | CCL Solutions Group
CCL GitHub:
https://github.com/cclgroupltd
Music:
Oscillator Sink - YouTube
INDUSTRY NEWS:
Microsoft Mitigate Record Breaking 3.47 Tbps DDoS on Azure Customers:
https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html
Using Graphics Card Fingerprints to Identify Web Users:
https://thehackernews.com/2022/01/your-graphics-card-fingerprint-can-be.html
DFIR Artifact Museum - Andrew Rathbun Github:
https://github.com/AndrewRathbun/DFIRArtifactMuseum
Android ABX - Binary XML - Alex Caithness (with Alexis Brignoni and Josh Hickman):
https://www.cclsolutionsgroup.com/post/android-abx-binary-xml
Android 12 - Snooping on Android 12's Privacy Dashboard - Josh Hickman:
https://thebinaryhick.blog/2022/01/22/snooping-on-android-12s-privacy-dashboard/
Android Airtags - Josh Hickman:
https://thebinaryhick.blog/2022/01/08/androids-airtags-oof/
FireFox on Android - Kevin Pagano:
https://www.stark4n6.com/2022/01/firefox-on-android-cookies-permissions.html
Intro to Windows Registry Artifact Analysis - TryHackMe Walkthrough - TryHackMe (Joshua James - DFIR Science):
https://tryhackme.com/room/windowsforensics1
Decrypting Secret Calculator Vault - The Incidental Chew Toy:
https://theincidentalchewtoy.wordpress.com/2022/01/27/decrypting-secret-calculator-photo-vault/
Please see YouTube for all other links:
Hosted on Acast. See acast.com/privacy for more information.
-
In episode number 8 of Chewing the FAT, Phil & Adam discuss turning up and following through with special guest Andrew Rathbun plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Featured topics:
Andrew Rathbun section:
Connect with me:
https://twitter.com/bunsofwrath12
https://www.linkedin.com/in/andrewrathbun/
Digital Forensics Discord Server
https://aboutdfir.com/a-beginners-guide-to-the-digital-forensics-discord-server/
AboutDFIR
https://aboutdfir.com
Andrew’s Current GitHub Projects:
https://github.com/AndrewRathbun/VanillaWindowsRegistryHives
https://github.com/AndrewRathbun/VanillaWindowsReference
https://github.com/nasbench/EVTX-ETW-Resources
https://github.com/AndrewRathbun/DFIRRegex
https://github.com/AndrewRathbun/DFIRMindMaps
https://github.com/AndrewRathbun/DirectoryOpus-DFIRConfig
https://github.com/AndrewRathbun/EventTranscript.db-Research
KAPE Related GitHub Repositories:
https://github.com/AndrewRathbun/Awesome-KAPE
https://github.com/AndrewRathbun/KAPE-EZToolsAncillaryUpdater
https://github.com/EricZimmerman/KapeFiles
https://github.com/EricZimmerman/SQLECmd
https://github.com/EricZimmerman/evtx
https://github.com/EricZimmerman/RECmd
https://github.com/AndrewRathbun/ForensicImageKAPEOutput
Digital Forensics Discord Server GitHub Repositories:
https://github.com/Digital-Forensics-Discord-Server/GitHubLearningPlayground
https://github.com/Digital-Forensics-Discord-Server/LawEnforcementResources
https://github.com/Digital-Forensics-Discord-Server/DFIRGlossary
-----------------------------
Open Source Digital Forensic Conference:
https://www.osdfcon.org/
Using ArtEx to conduct an extraction of a jailbroken iPhone - Ian Whiffin:
https://doubleblak.com/blogPosts.php?id=26
Log4j - Rob Berends:
https://www.linkedin.com/feed/update/urn:li:activity:6876120706095058944
Log4j:
https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html
SANS Cyber Threat Intelligence Conference:
Join us for the FREE Virtual Cyber Threat Intelligence Summit 2022!
Logo-ls A new GitHub repo that combines the Linux LS CMD with logos and icons:
https://github.com/Yash-Handa/logo-ls?utm_source=tldrnewsletter
Josh Hickman, The Binary Hick - Android 12 Image:
https://thebinaryhick.blog/2021/12/17/android-12-image-now-available/
Kevin Pagano - Stark4N6 - Forensic4Cast Nominations:
https://www.stark4n6.com/2021/12/my-2022-forensic-4cast-awards.html
Forensic4Cast Nomination Page:
https://docs.google.com/forms/d/e/1FAIpQLScX-pt0uo9_0GUv-AG-ty7Ya8bZzdRlW8-eP3oABHCsSCQrGQ/viewform
FORMOBILE:
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
In the seventh episode of Chewing the FAT, Phil & Adam discuss Mental Health and Working within Digital Forensics plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Featured topics:
Sarah Edwards - Apple Pay & Wallet:
https://objectivebythesea.com/v4/talks/OBTS_v4_sEdwards.pdf
Josh Hickman iOS 15 Powered off tracking and remote wipe & XML Binary findings:
https://thebinaryhick.blog/2021/10/27/ios-15-powered-off-tracking-remote-bombs/
https://twitter.com/josh_hickman1/status/1456730376030859265
Ian Whiffin - Geofences & Metadata Adjustment:
https://www.doubleblak.com/m/blogPosts.php?id=22
https://www.doubleblak.com/m/blogPosts.php?id=23
Frida & Use case by Christine Fossaceca:
https://objectivebythesea.com/v4/talks/OBTS_v4_cFossaceca.pdf
https://frida.re
DFIR Science - Joshua James:
https://dfir.science/2021/11/WIN-100USD-and-PRIZES-Nov-DFIR-Dev.html
https://www.youtube.com/watch?v=mM4rbFh4rqg&feature=youtu.be
https://swag.dfir.science/listing/DFIR-Stickers-IDFE?product=661
iOS 15 Notes:
https://support.apple.com/en-gb/guide/iphone/iphe4d04f674/ios
Alex Caithness at CCL:
https://github.com/cclgroupltd
Alexis Brignoni - all the LEAPPs
https://abrignoni.blogspot.com/
R:pple Suicide Prevention:
https://www.ripplesuicideprevention.com/
FORMOBILE:
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
In the sixth episode of Chewing the FAT, Phil & Adam host special guest Alexis Brignoni l to discuss Coding, Community, & Collaborations plus we run through some of the recent Digital Forensics industry news along with the Faux Pas.
Digital Evidence & the Crime Scene
Paper by Graeme Horsman, exploring the concept of devices being "Digital witnesses", & methodologies & theories regarding scene examination.
https://reader.elsevier.com/reader/sd/pii/S1355030621001295?token=FC1BB7A6B9AD84CDC4B95A9700B00F080FB2220C608BA7EAFB46FA280387E70EC79D7B05C0F9C42CF5D0D370218EAFAC&originRegion=eu-west-1&originCreation=20211013063720
Microsoft releases Linux version of Sysadmin
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-linux-version-of-the-windows-sysmon-tool/amp/
Samsung Power Off Reset Logs & iOS Tracking
Kevin Pagano, who produces the Start.me! While doing the Cellebrite CTF there was a question on Samsung phone battery life, & Kevin created a parser for ALEAPP to parse the power off log files.
https://www.stark4n6.com/2021/10/samsung-power-off-reset-logs.html?m=1
https://www.stark4n6.com/2021/10/restore-log-tracking-ios-update-history.html
Encouraging different perspectives in Digital Forensics
https://www.forensicfocus.com/articles/encouraging-different-perspectives-in-digital-forensics-september-research/
AFF4 Evidential Containers - explained by Magnet
https://www.forensicfocus.com/webinars/the-aff4-evidence-container-why-and-whats-next/
Recognizing people in photos through private on-device machine learning - Apple
https://machinelearning.apple.com/research/recognizing-people-photos
Brignoni on Teaching and Learning Python
https://www.forensicfocus.com/podcast/alexis-brignoni-on-teaching-and-learning-python-why-its-important-and-whats-involved/
Brignoni Blog & YouTube
https://abrignoni.blogspot.com
https://www.youtube.com/c/AlexisBrignoni
Hosted on Acast. See acast.com/privacy for more information.
-
In the fifth episode of Chewing the FAT, Phil and Adam host special guest Tom Farrell QPM l to discuss Online child safety and available automated protection systems plus we run through some of the recent Digital Forensics industry news.
For the fifth Forensic Faux Pas segment to air, special guest Tom shares a great story of ensuring your spoof address is actually spoofed!
Links for some of the content we discussed during the show:
The Binary Hick - Josh Hickman - Detecting Android Factory Reset
https://thebinaryhick.blog/2021/08/19/wipeout-detecting-android-factory-resets/
ProtonMail - iOS application decryption - Matthew Regnery
https://xperylab.medium.com/protonmail-forensic-decryption-of-ios-app-8e9ae9f50953
Apple delays plays to scan your iCloud - BBC
https://www.bbc.co.uk/news/technology-58433647.amp
To
m's response to Apples delay - SafeToNet
https://safetonet.com/en-gb/2021/08/24/apple-continue-to-raise-eyebrows/
ForMobile
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
In the forth episode of Chewing the FAT, Phil and Adam host special guest Josh Hickman l to discuss Images, Imaging, and Inevitable Investigation Issues plus we run through some of the recent Digital Forensics industry news.
For the forth Forensic Faux Pas segment to air, special guest Josh shares a great story of when he joined Kroll.
Links for some of the content we discussed during the show:
Forensics Start Me Page (DFIR Resource Links) by Kevin Pagano
https://start.me/p/q6mw4Q/forensics
Digital Forensic Research Workshop - CTF
https://dfrws.org/dfrws-2021-challenge/
Windows 365
https://windowsreport.com/windows-365-high-demand/
Apple to scan iPhones for child sex abuse images
https://www.bbc.co.uk/news/technology-58109748>
https://www.apple.com/child-safety/
Josh Hickman Blog
https://thebinaryhick.blog/
Kroll & KAPE
https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape
ForMobile
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
https://formobile-project.eu/
Hosted on Acast. See acast.com/privacy for more information.
-
In the third episode of Chewing the FAT, Phil and Adam host special guest Kevin Mansell to discuss training, certification and competence plus we run through some of the recent Digital Forensics industry news.
For the third Forensic Faux Pas segment to air, special guest Kevin shares a couple of their embarrassing stories of things that went wrong from their days training days.
Links for some of the content we discussed during the show:
ETW on Windows 11 - Initial thoughts
https://blog.tofile.dev/2021/07/01/windows11.html
Hansken - Digital Forensics as a Service?
https://www.sciencedirect.com/science/article/pii/S2666281720300706
https://www.forensicfocus.com/articles/automating-and-sharing-digital-forensics-knowledge-through-hansken/
MSAB Raven
https://www.msab.com/raven/
Resetting Your IoT Device Before Reselling It Isn't Enough
https://gizmodo.com/resetting-your-iot-device-before-reselling-it-isnt-enou-1847220178
New blog from Josh - Find My & iCloud's Throne of Lies
• iCloud location data lies!
• Highlights importance of network isolation during seizure and possession of devices
https://thebinaryhick.blog/2021/06/25/apples-find-my-iclouds-throne-of-lies/
Android Apps with 5.8 Million Installs Caught Stealing User's Facebook Passwords
https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29
ControlF
https://www.controlf.net/
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
Hosted on Acast. See acast.com/privacy for more information.
-
In the second episode of Chewing the FAT, Phil and Adam host special guest Heather Mahalik to discuss SANS coming together with the leading industry vendors to produce a validation guide plus we run through some of the recent Digital Forensics industry news.
For the second Forensic Faux Pas segment to air, special guest Heather shares a couple of their embarrassing stories of things that went wrong from their early days plus some great stories from our listeners.
Links for some of the content we discussed during the show:
The State of Android Health Data (Part 1) – Garminhttps://thebinaryhick.blog/2021/05/22/the-state-of-android-health-data-part-1-garmin/
https://uploads-ssl.webflow.com/5f02f2c93eab87a6ea84e2f3/60364c14ce5f0e240b78de9c_RabbitHole_DD_2021.pdf
https://www.forensicfocus.com/news/detego-joins-forces-with-msab-in-strategic-digital-forensics-partnership/#:~:text=Detego%C2%AE%20Joins%20Forces%20With%20MSAB%20In%20Strategic%20Digital%20Forensics%20Partnership,-17th%20May%202021&text=Detego%2C%20global%20leaders%20in%20rapid,in%20mobile%20device%20digital%20forensics.
https://www-bbc-co-uk.cdn.ampproject.org/c/s/www.bbc.co.uk/news/business-57050689.amp
https://www.arts.unsw.edu.au/sites/default/files/documents/eSafety-OCSE-pandemic-report-salter-and-wong.pdf
https://news.microsoft.com/en-gb/2021/05/11/microsoft-and-uk-government-make-it-easier-for-public-sector-organisations-to-use-the-azure-cloud/
https://www.sans.org/event/digital-forensics-summit-2021
Six Steps to Mobile Validation – Working Together for the Common GoodA joint effort with collaboration from across several major DF vendors resulted in a joint standards paper being released by SANS shortly afterwards, promoting good practice.
https://www.sans.org/blog/six-steps-to-successful-mobile-validation-paper/
Signal Story:Original claim and reply posted in Dec 2020, about "breaking signal encryption"
https://signal.org/blog/cellebrite-and-clickbait/
21st April 2021, posted new blog outlining vulnerabilities in Cellebrite software.
https://signal.org/blog/cellebrite-vulnerabilities/
Cellebrite response:https://www.cellebrite.com/en/our-mission-remains-clear/
We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.
You can visit the Formobile website at: https://formobile-project.eu/
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
Hosted on Acast. See acast.com/privacy for more information.
-
In the first ever episode of Chewing the FAT, Phil and Adam introduce themselves, run through some of the recent Digital Forensics industry news, and share their thoughts on some recently published digital evidence guidance.
For the first Forensic Faux Pas segment to air, Phil and Adam share a couple of their embarrassing stories of things that went wrong from their days in the lab.
Links for some of the content we discussed during the show:
ACPO - https://library.college.police.uk/docs/acpo/digital-evidence-2012.pdfISO 17025 - https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/912389/107_FSR-C-107_Digital_forensics_2.0.pdfForMobile - https://formobile-project.eu/COP Report - https://www.college.police.uk/article/consultation-extracting-data-electronic-devices-releasedCTF Twitter - https://twitter.com/ChewintheFATPodDFIR Twitter # - https://twitter.com/hashtag/dfirForensic Discord Server - https://discord.com/invite/JUqe9EkJosh Hickman - https://thebinaryhick.blog/Heather Mahalik - https://www.cellebrite.com/en/ios-location-artifacts-explained/Jessica Hyde, Magnet Forensics - https://www.magnetforensics.com/blog/ways-to-share-in-dfir/Oleg Afonin, Elcomsoft - https://blog.elcomsoft.com/2021/02/ios-recovery-mode-analysis-reading-ios-version-from-locked-and-disabled-iphones/MSAB - https://www.msab.com/2020/09/17/super-fast-iphone-extraction-times/Belkasoft - https://belkasoft.com/forensic_extraction_of_data_from_mobile_apple_devicesPhill Moore, ThisWeekin4n6 https://thisweekin4n6.com/Android Triage - https://www.andreafortuna.org/2021/04/10/android-triage-a-really-useful-forensic-tool-by-mattia-epifani/Autospy - https://www.cybertriage.com/2021/our-100-unbiased-4cast-awards-nominations/Alexis Brignoni, Realm - https://abrignoni.blogspot.com/search?q=realmMagnet Forensics, Chromebook Acquisition Assistant - https://www.magnetforensics.com/resources/magnet-chromebook-acquisition-assistant/We would like to say a special thanks to the EU Formobile Project for supporting and helping fund this project. Without their support we would not have been able to get this off the ground.
You can visit the Formobile website at: https://formobile-project.eu/
This project has received funding from the European Union's Horizon 2020 - Research and Innovation Framework Programme, H2020-SU-SEC-2018, under grant agreement no. 832800.
Hosted on Acast. See acast.com/privacy for more information.