A round-up of this week’s digital forensics news and views:
Digital Forensics Expert Offers Guidance on Starting DF Business
Patrick Siewert opens a three-part series on starting a digital forensics business with advice for aspiring practitioners: choose a clear, professional company name, decide carefully which clientele to serve, and put solid foundations in place, including a mission statement and a proper legal structure. He warns against common pitfalls such as taking on undesirable clients, and argues that the major forensic tool vendors keep their products deliberately expensive and hard for private practitioners to obtain, often under pressure from their primary law enforcement customers.
Read more (dfirphilosophy.blogspot.com)
Hashcat v7.0.0 Released with Major Performance Improvements
Hashcat 7.0.0 arrives after two years of development, with more than 900,000 lines of code changed and contributions from 105 developers. Major new features include the Assimilation Bridge, which lets hashcat offload work to external compute resources, a Python bridge plugin for prototyping hash-matching logic in Python without writing a native kernel, and automatic hash-mode detection. Performance gains include speed-ups of up to 320% for scrypt and substantial optimizations for NTLM and NetNTLMv2, and 58 new hash modes have been added, among them Argon2, MetaMask and LUKS2.
OWASP Releases GenAI Incident Response Guide 1.0
OWASP GenAI Security Project releases its first comprehensive incident response guide for security practitioners dealing with GenAI application incidents. Created by a panel of experts from the project’s CTI Initiative, the guide provides guidelines and best practices without requiring deep GenAI knowledge. It aims to fill a critical gap in helping security teams respond effectively to incidents involving generative AI systems.
Building the UFADE Touch V1: A Portable iOS Forensics Device
A forensics practitioner shows how to build “UFADE Touch”, an affordable, portable unit for backing up and extracting iOS devices, from a Raspberry Pi 4B, a 7-inch touchscreen and dedicated cooling parts. The components cost around €175; the display uses the DSI interface so that the Pi’s USB ports stay free for the source device and evidence drives. Assembly needs minor case modifications and a handful of Raspberry Pi OS (Raspbian) configuration changes to load the display driver and tune performance for the 1024×600 screen.
DB Browser Offers Alternative to Spreadsheets for CSV Forensic Analysis
A new video tutorial shows how to use DB Browser for SQLite in place of a spreadsheet when analysing CSV files forensically. Sherman Kwok walks viewers through downloading the tool, importing CSV data and using SQL queries to sort, filter and format the data, covering basic to intermediate techniques including regular-expression filtering for more efficient analysis.
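The same workflow can be scripted with nothing but the Python standard library, which is useful once a query has been worked out interactively in DB Browser and needs to run over many exports. The following is an added example, not from the tutorial: it imports a CSV into an in-memory SQLite table, registers a REGEXP function (DB Browser ships one built in; Python's `sqlite3` does not), and runs a sort/aggregate query and a regex filter. The CSV rows are constructed for the example and are not case data.

```python
import csv
import io
import re
import sqlite3

# Constructed sample export (not real case data): a small file-activity log.
SAMPLE_CSV = r"""timestamp,user,action,path
2024-03-01 09:12:03,alice,READ,C:\Users\alice\Documents\report.docx
2024-03-01 09:15:44,bob,WRITE,C:\Users\bob\Downloads\invoice.pdf.exe
2024-03-01 09:20:10,alice,DELETE,C:\Users\alice\Documents\old.xlsx
2024-03-01 10:02:51,mallory,WRITE,C:\Windows\Temp\svchost.exe
2024-03-01 10:05:00,bob,READ,C:\Users\bob\Pictures\cat.png
"""


def regexp(pattern, value):
    """SQLite rewrites `value REGEXP pattern` as regexp(pattern, value)."""
    return 1 if value is not None and re.search(pattern, value) else 0


def load_csv(conn, table, text):
    """Import like DB Browser's File > Import: header row as columns, all TEXT."""
    rows = csv.reader(io.StringIO(text))
    header = next(rows)
    cols = ", ".join(f'"{c}" TEXT' for c in header)
    conn.execute(f'CREATE TABLE "{table}" ({cols})')
    marks = ", ".join("?" * len(header))
    conn.executemany(f'INSERT INTO "{table}" VALUES ({marks})', rows)
    conn.commit()


def open_db(text=SAMPLE_CSV):
    conn = sqlite3.connect(":memory:")
    conn.create_function("REGEXP", 2, regexp)   # DB Browser provides this natively
    load_csv(conn, "events", text)
    return conn


def writes_by_user(conn):
    """Filter + aggregate + sort: who wrote files, busiest first."""
    return conn.execute(
        "SELECT user, COUNT(*) AS n FROM events WHERE action = 'WRITE' "
        "GROUP BY user ORDER BY n DESC, user"
    ).fetchall()


def suspicious_paths(conn):
    """REGEXP filter: double-extension executables, or an .exe under a Temp dir.
    SQLite string literals do not process backslashes, so '\\' reaches the
    regex engine unchanged and matches one literal backslash."""
    sql = (
        r"SELECT path FROM events WHERE "
        r"path REGEXP '(?i)\.[a-z0-9]{2,4}\.exe$' "
        r"OR path REGEXP '(?i)\\temp\\[^\\]+\.exe$' "
        r"ORDER BY timestamp"
    )
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = open_db()
    print(writes_by_user(db))
    print(suspicious_paths(db))
```

Because every imported column is TEXT, ordering by `timestamp` works only because the sample uses a fixed-width ISO-style format; for exports with mixed date formats, normalise the column first or the sort will be lexical rather than chronological.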
machofile Tool Released for Mach-O Binary Analysis
Security researcher Pasquale Stirparo releases machofile, a Python module for parsing Mach-O binaries aimed at malware analysis and reverse engineering. The self-contained tool runs on macOS, Windows and Linux with no third-party dependencies and offers header parsing, entropy calculation, symbol extraction and code-signature analysis. Stirparo wrote the first version after attending Patrick Wardle’s macOS malware class and spent nearly two years refining it before the official release.
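For readers who have not looked inside the format, here is an added example (not machofile's code) of the two most basic operations such a parser performs: reading the `mach_header`/`mach_header_64` and walking the load-command table with the bounds checks a malformed sample should trip, and computing byte entropy. The byte string it parses is constructed by hand (a 64-bit header, one `LC_SEGMENT_64` and one `LC_CODE_SIGNATURE` command) and is not a real executable; the constant values are the ones from Apple's `mach-o/loader.h`.

```python
import math
import struct
from collections import Counter

MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE
FAT_MAGIC, FAT_CIGAM = 0xCAFEBABE, 0xBEBAFECA

CPU_TYPES = {0x7: "i386", 0x01000007: "x86_64", 0xC: "arm", 0x0100000C: "arm64"}
FILE_TYPES = {0x2: "MH_EXECUTE", 0x6: "MH_DYLIB", 0x8: "MH_BUNDLE"}
LOAD_COMMANDS = {0x1: "LC_SEGMENT", 0x2: "LC_SYMTAB", 0xC: "LC_LOAD_DYLIB",
                 0x19: "LC_SEGMENT_64", 0x1D: "LC_CODE_SIGNATURE",
                 0x80000028: "LC_MAIN"}
LC_SEGMENT_64, LC_CODE_SIGNATURE = 0x19, 0x1D


def parse_macho(data: bytes) -> dict:
    """Parse mach_header(_64) and the load-command table that follows it."""
    if len(data) < 4:
        raise ValueError("too short")
    (raw_magic,) = struct.unpack("<I", data[:4])
    if raw_magic in (FAT_MAGIC, FAT_CIGAM):
        raise ValueError("universal (fat) binary: pick an architecture slice first")
    if raw_magic in (MH_MAGIC_64, MH_MAGIC):
        end = "<"                      # native little-endian file (x86_64, arm64)
    elif raw_magic in (MH_CIGAM_64, MH_CIGAM):
        end = ">"                      # byte-swapped: big-endian file
    else:
        raise ValueError(f"not a Mach-O file (magic {raw_magic:#x})")
    is64 = raw_magic in (MH_MAGIC_64, MH_CIGAM_64)
    hdr_fmt = end + ("IiiIIIII" if is64 else "IiiIIII")   # 64-bit adds 'reserved'
    hdr_len = struct.calcsize(hdr_fmt)
    if len(data) < hdr_len:
        raise ValueError("truncated header")
    fields = struct.unpack(hdr_fmt, data[:hdr_len])
    _magic, cputype, _cpusubtype, filetype, ncmds, sizeofcmds, flags = fields[:7]
    # A lying sizeofcmds/ncmds is a classic way to crash naive parsers.
    if hdr_len + sizeofcmds > len(data):
        raise ValueError("sizeofcmds runs past end of file")

    cmds, off = [], hdr_len
    for _ in range(ncmds):
        if off + 8 > hdr_len + sizeofcmds:
            raise ValueError("ncmds exceeds sizeofcmds")
        cmd, cmdsize = struct.unpack(end + "II", data[off:off + 8])
        if cmdsize < 8 or off + cmdsize > hdr_len + sizeofcmds:
            raise ValueError(f"bad cmdsize {cmdsize} at offset {off}")
        entry = {"cmd": LOAD_COMMANDS.get(cmd, f"{cmd:#x}"), "offset": off, "size": cmdsize}
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            entry["segname"] = data[off + 8:off + 24].split(b"\x00", 1)[0].decode("ascii", "replace")
        if cmd == LC_CODE_SIGNATURE and cmdsize >= 16:     # linkedit_data_command
            entry["dataoff"], entry["datasize"] = struct.unpack(end + "II", data[off + 8:off + 16])
        cmds.append(entry)
        off += cmdsize
    return {
        "bits": 64 if is64 else 32,
        "cputype": CPU_TYPES.get(cputype, f"{cputype:#x}"),
        "filetype": FILE_TYPES.get(filetype, f"{filetype:#x}"),
        "ncmds": ncmds,
        "flags": flags,
        "commands": cmds,
        "code_signed": any(c["cmd"] == "LC_CODE_SIGNATURE" for c in cmds),
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform); high values in __TEXT
    usually mean packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_sample() -> bytes:
    """Constructed test input: header + LC_SEGMENT_64(__TEXT) + LC_CODE_SIGNATURE."""
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x01000007, 0x3, 0x2, 2, 72 + 16, 0x00200085, 0)
    text_seg = struct.pack("<II16sQQQQiiII", LC_SEGMENT_64, 72, b"__TEXT",
                           0x100000000, 0x4000, 0, 0x4000, 5, 5, 0, 0)
    code_sig = struct.pack("<IIII", LC_CODE_SIGNATURE, 16, 0x3F00, 0x100)  # offsets are illustrative
    return header + text_seg + code_sig


if __name__ == "__main__":
    blob = build_sample()
    info = parse_macho(blob)
    print(info["bits"], info["cputype"], info["filetype"], [c["cmd"] for c in info["commands"]])
    print(f"header entropy: {shannon_entropy(blob):.2f} bits/byte")
```

The parser deliberately refuses fat binaries rather than silently reading the first slice; on a universal binary the interesting (often arm64) slice is the one an analyst actually wants, and picking it should be an explicit step.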
Cybersecurity Expert Releases Memory Forensics Dataset for Malware Research
Daniel Jeremiah releases a comprehensive memory forensics dataset featuring controlled attack scenarios on Windows 10 systems for cybersecurity research and training. Six distinct scenarios cover process injection, credential dumping, Cobalt Strike beacons, and various remote access trojans including AsyncRAT and MasonRAT. Each scenario includes detailed memory dumps, attack characteristics, and evasion techniques designed for analysts to practice using tools like Volatility and YARA. Cases range from unknown infections to targeted intrusions, providing varied complexity levels for students, analysts, and researchers developing memory analysis workflows.