
Daily Blog #797: Azure Snapshot Downloads

Hello Reader,

One of my favorite features in Azure is how easy it is to work with virtual disk snapshots. When you create a snapshot of a virtual disk (VHD), Azure lets you generate a direct download link for the raw disk—no extra steps needed.

Compare that to other cloud platforms:

  • In AWS, I have to use tools like coldsnap.

  • In Google Cloud, I need to convert the snapshot into an image first.

But with Azure, it just works.

Want to try it yourself? Here’s how:


Steps to Export a Snapshot in Azure

  1. Create a Snapshot
    Choose the storage or OS disk you want to analyze.

  2. Select "Full Snapshot"; otherwise you'll only get recent changes and your forensic tools can't parse it.

  3. Click "Export Snapshot"

  4. Click "Generate URL"
    Azure will create a temporary, signed URL for direct download that will live for one hour. Want it to last longer? Just add zeros to the expires time.

Use your favorite download tool to grab the file. I usually go with azcopy for speed and reliability.
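The same export, download and cleanup can be scripted. This is an added example, not code from the original post: it assumes the Azure CLI (`az`), `azcopy` and `sha256sum` are installed and an `az login` session exists, and the function name and its arguments are placeholders.

```shell
#!/usr/bin/env bash
# Added example: scripted equivalent of "Export Snapshot" -> "Generate URL" -> download.
# Resource group, snapshot name and output path are caller-supplied placeholders.
set -eu

# export_snapshot <resource-group> <snapshot-name> <output.vhd> [ttl-seconds]
export_snapshot() {
  local rg="$1" snap="$2" out="$3" ttl="${4:-3600}"  # 3600 s = the one-hour lifetime in the post
  local url rc=0

  # Request a signed download URL that expires after $ttl seconds.
  # Assumption: the URL is returned as "accessSas" or "accessSAS" depending on CLI version.
  url="$(az snapshot grant-access --resource-group "$rg" --name "$snap" \
          --duration-in-seconds "$ttl" \
          --query 'accessSas || accessSAS' --output tsv)"
  if [ -z "$url" ]; then
    echo "no signed URL returned for snapshot $snap" >&2
    return 1
  fi

  # The signed URL is a bearer credential: do not echo it, and revoke it
  # as soon as the copy ends, whether or not the copy succeeded.
  azcopy copy "$url" "$out" || rc=$?
  az snapshot revoke-access --resource-group "$rg" --name "$snap" >/dev/null || true
  [ "$rc" -eq 0 ] || return "$rc"

  # Hash the acquired image so later analysis can be tied to this download.
  sha256sum "$out" > "$out.sha256"
  cat "$out.sha256"
}

# Run only when invoked with arguments, e.g.:
#   ./export_snapshot.sh <resource-group> <snapshot-name> disk.vhd 7200
if [ "$#" -ge 3 ]; then
  export_snapshot "$@"
fi
```

Revoking access after the copy means the URL stops working before its expiry time, which matters if you raised the lifetime for a large disk.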




Daily Blog #756: Forensic test kitchen, using the AWS CloudTrail Downloader v2!

 


Hello Reader,

Today I decided to do a live demonstration of how the AWS CloudTrail Downloader v2 from our FOR509 class works! So I fired it up and showed off all the new features like AWS profile support and most importantly resume functionality! I hope you like it!

 


Daily Blog #466: Forensic Lunch Test Kitchen 8/28/18 - Creation of ObjectIDs

Creation of ObjectIDs by David Cowen - Hacking Exposed Computer Forensics Blog



Hello Reader,
Another Test Kitchen has been recorded. If you want to catch these live I can't promise any particular broadcast time as I do these when I have time, but if you subscribe to my YouTube channel (https://www.youtube.com/user/LearnForensics) you will get notifications whenever I do go live.

This Test Kitchen I did more experimentation with the creation of ObjectIDs when saving files from browsers to the Downloads directory with surprising results! It turns out that:

  • Saving a text file in Chrome to the Downloads directory will create an ObjectID and a LNK file even without opening the file.
  • Saving a text file in Firefox to the Downloads directory will create a LNK file but will not populate the ObjectID attribute.
  • Saving executable files in both browsers will create Zone.Identifier alternate data streams, as Phill Moore researched prior, but will not create ObjectIDs or LNK files.

Want to see and learn more? Watch the video below: