Vigilance In Action: Monitoring Typosquatting Domains

In today’s digital landscape, cybercriminals are constantly devising new and innovative ways to infiltrate and compromise corporate systems. One such tactic is called typosquatting: the registration of domains that closely resemble a real organization in order to trick users into

SOC Automation: More Secure For Less Cost

Your SOC is on the front line of defending your organization from cyber attacks and they are drowning in a wave of thousands of alerts every single day. This is a serious problem: Inducing high stress and dissatisfaction for analysts

Changing Perceptions Of Large And Complex Investigations

The perception of what constitutes a “large and complex” investigation has evolved dramatically over the decades. One of the most illustrative examples of this evolution is the Yorkshire Ripper case from the late

How Detego’s Latest Features are Empowering ICAC Investigators

As a seasoned Internet Crimes Against Children (ICAC) investigator with years of experience in conducting investigations and training law enforcement teams, I have witnessed firsthand the challenges that come with combating the exploitation of our most vulnerable population – our

Challenges Of DFIR In Distroless And Other Container Environments

Containerization has changed the way organizations develop and deploy applications. However, the same benefits that make containers attractive, their ephemeral and layered nature, also present unique challenges for Digital Forensics and Incident Response (DFIR) teams. Traditional DFIR Techniques Are Less

The Differences Between Full Disk And Triage Acquisition

In digital forensics, data acquisition is a key first step in the investigation process. For acquiring data from either physical or virtual machines, there are two high-level approaches: full disk acquisition and triage acquisition. Each has its advantages and disadvantages,

Aligning Forensic Investigations To The MITRE ATT&CK Framework

In this blog we’ll explore how the Cado Security platform leverages the MITRE ATT&CK Framework to enhance forensic investigations. By combining ATT&CK’s comprehensive knowledge with Cado’s powerful investigation capabilities, security teams gain deeper insights into attacker behaviour. What is the

From FileVault To T2: How To Deal With Native Apple Encryption

While Apple’s commitment to user privacy and security remains their priority, the field of computer forensics faces a solid challenge when it comes to extracting evidence from encrypted Apple devices. This article provides comprehensive insights into Apple’s native encryption, covering

Unpacking The SEC’s Cybersecurity Disclosure For Incident Response Teams

The Securities and Exchange Commission (SEC) has introduced new rules mandating public companies to report cybersecurity breaches. This highlights the growing importance of cyber security outside of security and IT teams, requiring C-level leadership to be able to quickly understand

Digital Forensics Education, Certification And Training Guide

University Programs Digital forensics training is available in various formats, each with its unique merits and challenges. University programs are one option, offering both undergraduate and postgraduate courses that cater to different levels of expertise and career aspirations. Undergraduate These

OSAC And Standards In The Digital Evidence World

by Steve Johnson AI CLPE, CFA, Standards Ambassador – Organization of Scientific Area Committees (OSAC) for Forensic Science. In 1998, as the personal computer and cell phone industry was starting to explode, the Scientific Working Group for Digital Evidence (SWGDE)

Targeted Collections: Balancing Legal Precision And Data Privacy

In this installment of our series exploring the transformative power of Software-as-a-Service (SaaS) architecture in the legal landscape, we delve deep into the art of targeted collections. This crucial component of modern legal data management not only complements our previous

MediaTek Device Extraction With Boot ROM Interface Disabled

by Christoffer Maliniemi, Security Researcher, MSAB. Finding that you have a MediaTek device which has its Boot ROM interface disabled land on your desk? Access to MediaTek’s Boot ROM interface is the best way to extract the maximum amount of