Friday, May 9, 2014

Daily Blog #320: Forensic Lunch 5/9/14

Hello Reader,
      We had a great Forensic Lunch this week! Our guests this week (in order of appearance):

Mari DeGrazia, @maridegrazia, talking about her research into the Thunderbird email client, its variations and the tool she has put out to work with it. You can read her post about this on her blog as well as grab the tool here: http://az4n6.blogspot.com/2014/04/whats-word-thunderbird-parser-that-is.html

Hal Pomeranz, @halpomeranz, talking about his research into encrypted iTunes backups: how to extract what's contained within them and when they were made. Very cool stuff. Here are the links Hal mentioned:
Stack Overflow discussion of the manifest.mbdb file:
http://stackoverflow.com/questions/3085153/how-to-parse-the-manifest-mbdb-file-in-an-ios-4-0-itunes-backup

Link to download Hal's tool here:
https://github.com/halpomeranz/mbdbls

Lucas Zaichkowsky, @LucasErratus, from AccessData talking about his work there and a new reveal of their unified cybersecurity/response/forensics platform. Very cool stuff that I didn't realize they were already viewing. I'll have to get a better understanding of this technology!

You can watch it below: