Tuesday, December 16, 2014

SANS Webcast and PFIC Slides/Labs

Hello Reader,
If you attended my session at PFIC, hopefully you already took these labs with you; if not, I'll be linking them down below. For those of you who attended my SANS webcast today, I hope you found it useful! Now you can try it yourself.

If you didn't attend either, I'll explain what's contained within. I presented on how to do USN Journal analysis using the free version of our tool Triforce ANJP to:
  • Recover the names of wiped files
  • Prove what was uploaded and downloaded from Dropbox
  • Show what attachments were accessed from Outlook 2007 and greater
and more analysis tips. Hopefully you'll find it helpful!

Link to SANS webcast:
https://www.sans.org/webcasts/hands-on-usn-journal-analysis-99177

First, here are the slides from today's webcast:
https://mega.co.nz/#!WgwhmKYb!JhwWvGLlug9T0yCU6dlR29S23fx0up2M_LL3Aml6q24

Link to download the sample evidence to do the labs from today's webcast:
https://mega.co.nz/#!3pwmDLzZ!IFUw9rBm2-0Kryu_ASBxKIcFnQSdCNQl7uRyG4DpHvQ

Download Triforce ANJP here:
https://www.gettriforce.com

Forensic Lunch 12/12/14 - Shellbags continued

Hello Reader,
Eric Zimmerman returned this week to join us on the Forensic Lunch, talking about his research into Shellbags and his tool Shellbag Explorer. Also this week, Lee Whitfield joined us to talk about the Sony breach, and Matthew and I previewed the tools coming out of our lab here at G-C Partners, LLC.

Give it a watch below: