Hacking Exposed Computer Forensics Blog (comments feed)
Author: David Cowen
Updated: 2023-12-28T03:01:49.774-06:00

Anonymous, 2023-06-02T05:35:03.857-05:00
Nice post thank you Justin

Anonymous, 2022-12-20T07:14:33.408-06:00
Thank you! Let me ask you something, macOS Ventura does not allow querying the system context knowledgeC database. Is there another way?

Admin, 2022-08-17T07:09:58.870-05:00
Thanks for the interesting post, keep continuing your good job.

DevOps Full Course Tutorial for Free, DevOps Tutorial for Beginners (https://www.learnitguide.net/2018/02/devops-tutorial-for-beginners-online.html)
Kubernetes Full Course Tutorial for Free, Kubernetes Tutorial for Beginners (https://www.learnitguide.net/2018/10/kubernetes-tutorial-for-beginners.html)
Ansible Full Course Tutorial for Free, Ansible Tutorial for Beginners (https://www.learnitguide.net/2018/06/ansible-tutorial-for-beginners-online.html)
Docker Full Course Tutorial for Free, Docker Tutorial for Beginners (https://www.learnitguide.net/2018/09/docker-tutorial-for-beginners-online.html)
Openstack Full Course Tutorial for Free, Openstack Tutorial for Beginners (https://www.learnitguide.net/2017/09/openstack-tutorial-for-beginners.html)
Learnitguide.net (https://www.learnitguide.net)

TJL, 2020-05-11T11:17:57.675-05:00
I am finding something very similar in terms of very few artefacts. I wonder if this has been an improvement on their end in terms of security-by-design.

Anonymous, 2019-08-17T07:49:37.935-05:00
CTF site is down?

Anonymous, 2019-08-15T13:33:48.687-05:00
never mind, I misunderstood how to submit the flags. so confusing...

Anonymous, 2019-08-15T13:28:34.722-05:00
hey, I'm not sure if I missed something, but the memory image provided doesn't seem to correspond to the ctf questions for the Memory Forensics section. I get "incorrect" for the Sha1 hash, profile, PID of notepad.exe even though I'm looking right at these values.

Lee Wei, 2019-08-13T23:35:33.631-05:00
any writeups?

Lee Wei, 2019-04-12T15:54:12.850-05:00
Basic - Desktop > UTC Offset (2)
What was the timezone offset at the time of imaging?

Where is the evidence for this? I don't see it inside MUS-CTF-19-DESKTOP-001.E01.txt

Lee Wei, 2019-04-12T15:52:13.940-05:00
I wasn't able to bitlocker decrypt the secret .vhd on my host running Windows 7 (I managed to do it on my other host running Windows 10), was someone else able to do it on Windows 7?

Lee Wei, 2019-04-12T15:49:56.586-05:00
Activity > Sharepoint 4 (5)
Which was retrieved from the sharepoint first?

Where is the evidence for this?

Lee Wei, 2019-04-12T15:46:40.147-05:00
Mobile > Time Zone (10)
What time zone was the phone in on Dec 9th?

Answer is purely based on roaming SMS text messages received, yes?

Lee Wei, 2019-04-12T15:45:13.907-05:00
Mobile > App Download Methods (10)
Which of the following apps was NOT downloaded from Google Play?

Where is the evidence for YouTube found?

Lee Wei, 2019-04-12T15:35:11.083-05:00
Mobile > Analysis (15)
What country was the mobile device owner in when reading a document that was "IN MEMORY OF MOE"?

Where is the actual document file located - in mobile or takeout? Exact filepath?

Michael, 2019-04-09T20:34:37.814-05:00
Daily Blog 659 Challenge Question Answer:
Question:
For Dropbox Audit logs what all data can you determine about someone who was logged in?
What allows you to uniquely identify a file?
Answer:
Dropbox Audit Logs or Activity Logs are a feature of the Dropbox business accounts. The Advanced Team accounts include file level Audit logs as a part of the paid service. These logs are accessible from the Account Console which is available to the account administrator or administrators. The console provides very detailed information about team member’s usage of the account and nearly all facets of the members’ interactions are recorded and can be reviewed. The following items can be viewed in the Console of an advanced account regarding FILES:
Added a file
Added a file to their Dropbox
Added a file to their Dropbox (non-team member)
Added a folder
Allowed anyone to view links to files in a shared folder
Allowed file request emails for the team
Allowed non collaborators to view links to files in a shared folder
Allowed only team members to view links to files in a shared folder
Changed a file request
Closed a file request
Copied a file
Copied a file to their Dropbox
Copied a file to their Dropbox (non-team member)
Copied a folder
Created a link to a file using an app
Created a new file request
Deleted a file
Deleted a file comment
Deleted a folder
Disabled file requests
Downloaded a file (non-team member)
Downloaded files
Edited files
Enabled file request emails for everyone
Enabled file requests
Failed to delete some files remotely
File added to a showcase
File downloaded (non-team member) from a showcase
File downloaded (team member) from a showcase
File in showcase viewed by non-team member
File in showcase viewed by team member
File removed from a showcase
Liked a file comment
Made a file viewable only to members of the file
Made a file viewable only to team members with the link
Made a file viewable to anyone with the link
Moved a file
Moved a folder
Multiple files downloaded (non-team member) from a showcase
Multiple files downloaded (team member) from a showcase
Opened a file (non-team member)
Prevented non-team members from viewing links to files in a shared folder
Previewed files
Received files via file request
Received files via file request
Renamed a file
Renamed a folder
Requested access to a file (non-team member)
Resolved a file comment
Restored a file
Restored a folder
Restored a resolved file comment
Reverted files to a previous version
Rolled back file changes
Subscribed to file comment notifications
Successfully deleted some files remotely
Unliked a file comment
Unsubscribed from file comment notifications

Additionally, the audit logs maintain information about the users themselves. An administrator can see the following regarding member uses:
The date and time of the event
The member who initiated the event
The details of the event
The location in the form of an IP address of the team member
The logs detail who are the active team members of the last 28 days, the number of shared folders over the last 28 days, how much storage space is used, the number of links created, and a log of what devices are accessing the account over the previous 28 days. From the console you can also monitor password changes, sign ins, connected apps, changes in sharing, changes in groups, and changes in membership.

The file's specific path and file name along with the connected user interactions would allow an administrator to identify a file in the log data.

The information for this initial and feeble attempt at an answer was gathered from poking around the internet and reading Dropbox.com help files, Dropbox forum posts and two blogs written by “Kevin” on metadatum.wordpress.com (who actually cites the author of this challenge in his 2013 post about Dropbox forensics.)

OGEN Infosystem (P) Limited, 2019-04-04T02:42:30.741-05:00
Nice blog, keep more updates about this type of information. Visit for the best Website Designing and Development Company in Delhi.
Top 5 Website Designing Company in Delhi (https://www.ogeninfo.com/website-designing)

Vladimir Katalov, 2019-02-27T08:58:22.253-06:00
Yep, I am here almost 24/7 :)

Will be more than happy to join your podcast and run as deep into the details as needed!

David Cowen, 2019-02-26T22:47:41.349-06:00
Hi Vladimir!,
Glad to see you are still active and around. I'd love to have you come on the podcast again and talk about Elcomsoft's work on this and where all the special magic is in the process!

Vladimir Katalov, 2019-02-26T11:20:06.183-06:00
Hi David,

Thanks for reviewing our Toolkit!

Yes, you actually CAN create the .tar without any third party software - you only need to be familiar with ssh and tar. Just make sure that the device does not lock during the acquisition, otherwise some files will not copy. So you have to disable auto-lock feature, or (if it is not possible, e.g. for some managed devices) touch the screen regularly. Or use the Toolkit that solves this problem :)

Also, please pay attention to keychain decryption - that is what you cannot do manually. We do decrypt all the items, including ones with ThisDeviceOnly attribute (so not available from backup). A lot of interesting things there :)

David Cowen, 2019-01-30T19:01:52.979-06:00
Noon ct!

Jim, 2019-01-30T11:45:21.117-06:00
refresh my memory on the time, noon ET? noon CT?

David Cowen, 2019-01-29T20:50:20.661-06:00
If you drank every time you heard the word Bias you might not make it to the end of the game

Jim, 2019-01-29T16:36:23.682-06:00
I see the makings of either a drinking game or buzzword bingo

reverseorder, 2019-01-20T09:38:10.828-06:00
Awesome research!

Anonymous, 2019-01-16T12:29:41.436-06:00
Behaviors such as enabling the 'Logging Disabled' toggle, disabling the 'logging disabled'; then restarting explorer.
-3ync