• BleachBit: a good opensource alternative to CCleaner?

    After the CCleaner incident, a lot of friends and colleagues asked me for a good alternative to Piriform's tool. From my point of view, a good alternative could be BleachBit. BleachBit is open source, and it's designed for Linux and… read more »
  • How to recover files encrypted by BadRabbit ransomware?

    Researchers at Kaspersky Lab have discovered that some victims may be able to recover their files without paying any ransom.   The discovery was made by researchers who analyzed the encryption functionality implemented by the ransomware: Bad Rabbit leverages the open… read more »
  • BadRabbit ransomware: suggested readings

    Spreads via the network, currently hits Russia, Ukraine, Germany, Japan, and Turkey   A variant of Petya/NotPetya/EternalPetya called BadRabbit, probably prepared by the same authors, has infected several big Russian media outlets. BadRabbit uses SMB to propagate laterally with a hardcoded… read more »
  • Windows Security Identifiers (SIDs)

    The SID is one of the core data structures in the NT security infrastructure. A Security Identifier (commonly abbreviated SID) is a unique, immutable identifier of a user, user group, or other security principal. A security principal has a single SID… read more »
  • Windows event logs in forensic analysis

    On Windows systems, event logs contain a lot of useful information about the system and its users. Depending on the logging level enabled and the version of Windows installed, event logs can provide investigators with details about applications, login timestamps for… read more »
  • Key reinstallation attacks: my suggested readings

    Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of the WPA2 protocol that could allow an attacker to break into a Wi-Fi network and eavesdrop on its Internet communications. WPA2 is an authentication scheme widely used… read more »
  • Windows registry in forensic analysis

    The Windows registry contains information that is helpful during a forensic analysis. The Windows registry is an excellent source of evidential data, and knowing what type of information could possibly exist in the registry, and where it is located, is critical during the forensic analysis… read more »
  • Amcache and Shimcache in forensic analysis

    Amcache and Shimcache can provide a timeline of which program was executed, when it was first run, and when it was last modified. In addition, these artifacts provide program information regarding the file path, size, and hash, depending on the OS version. Amcache… read more »