A round-up of this week’s digital forensics news and views:
BlueMonkey 4n6 (video): Who gained root access on my Linux system? An analysis of sudo logs
The video walks through the traces sudo leaves every time a command is run, or merely attempted, through it. sudo reports each decision to syslog (typically /var/log/auth.log on Debian-based systems, /var/log/secure on Red Hat-based ones, or the systemd journal), recording the invoking user, TTY, working directory, target user and the exact command, plus the reason when a request is refused, such as a wrong password or a user who is not in the sudoers file. The analysis covers locating and reading these records, understanding how they track command execution, and telling successful escalations apart from denied attempts, so an investigator can establish who obtained root, when, and what they ran. Two caveats worth keeping in mind when reading them: sudo records only the command handed to it, so a granted "sudo bash" hides everything typed inside that shell unless I/O logging is enabled, and anyone who does reach root can edit the local file, which is why these messages should also be forwarded to a remote collector.
Read More (BlueMonkey 4n6, YouTube)
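As an added illustration of the triage the video describes (this is editorial example code, not material from the video), the parser below reads the sudo decision records out of a constructed auth.log excerpt, separates granted commands from the three refusal reasons sudo writes, and reports who actually ran something as root. The log lines are constructed for the example, in the rsyslog layout; the `pam_unix` lines are included to show they are skipped.

```python
import re
from collections import defaultdict

# Constructed sample in the rsyslog /var/log/auth.log layout (Debian/Ubuntu; RHEL
# writes the same sudo records to /var/log/secure). Not real evidence.
SAMPLE_AUTH_LOG = """\
Oct  3 10:15:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Oct  3 10:16:45 web01 sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Oct  3 10:17:10 web01 sudo:  mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Oct  3 10:17:30 web01 sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=bob
Oct  3 10:18:00 web01 sudo:    carol : command not allowed ; TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/visudo
Oct  3 10:18:05 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Oct  3 10:18:05 web01 sudo: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Oct  3 10:20:11 web01 sudo:     dave : TTY=pts/4 ; PWD=/srv ; USER=postgres ; COMMAND=/usr/bin/psql
"""

# One sudo decision record:
#   "<user> : [<reason> ; ]TTY=<tty> ; PWD=<cwd> ; USER=<target> ; COMMAND=<argv>"
# The reason field is present only when the request was refused. COMMAND is last
# because it may contain spaces; PWD may too, so it is matched lazily.
SUDO_RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sudo(?:\[\d+\])?:\s+"
    r"(?P<user>\S+) : (?:(?P<reason>.+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>.+?) ; USER=(?P<target>\S+) ; COMMAND=(?P<command>.*)$"
)


def classify(reason):
    """Map sudo's refusal text to an outcome label; no reason means access was granted."""
    if reason is None:
        return "granted"
    r = reason.lower()
    if "incorrect password" in r:
        return "bad_password"          # right to use sudo, wrong credential
    if "not in sudoers" in r:
        return "not_in_sudoers"        # no sudo rights at all
    if "command not allowed" in r:
        return "command_not_allowed"   # in sudoers, but this command is outside the rule
    return "other_denial"


def parse_sudo_log(text):
    """Return the sudo decision records in the log, ignoring pam_unix and unrelated lines."""
    records = []
    for line in text.splitlines():
        m = SUDO_RECORD.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["outcome"] = classify(rec["reason"])
        records.append(rec)
    return records


def root_access_by_user(records):
    """Users who actually executed a command as root, with the commands in log order."""
    out = defaultdict(list)
    for r in records:
        if r["outcome"] == "granted" and r["target"] == "root":
            out[r["user"]].append(r["command"])
    return dict(out)


def denied_attempts(records):
    """(user, outcome, command) for every refused request, in log order."""
    return [(r["user"], r["outcome"], r["command"]) for r in records if r["outcome"] != "granted"]


if __name__ == "__main__":
    recs = parse_sudo_log(SAMPLE_AUTH_LOG)
    for user, cmds in root_access_by_user(recs).items():
        print(f"ROOT via sudo: {user}: {cmds}")
    for user, why, cmd in denied_attempts(recs):
        print(f"DENIED ({why}): {user} tried {cmd}")
```

Note that `dave` is correctly left out of the root list: his request was granted, but to `postgres`, not root. The second `alice` record (`COMMAND=/bin/bash`) is exactly the case the caveat above refers to: everything she did in that root shell is invisible to this log.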
Favicon Forensics: hunting phishing sites with Shodan
Phishing kits routinely clone a legitimate site wholesale, and the favicon, the small icon shown in the browser tab, is usually copied along with everything else. Shodan stores a MurmurHash3 hash of every favicon it crawls and exposes it through the http.favicon.hash search filter, so hashing the genuine site's icon the same way and searching for that value surfaces other hosts serving an identical icon, many of which turn out to be lookalike pages that have not yet reached any blocklist. A matching hash is a lead rather than proof: CDNs, mirrors and legitimate subsidiaries share icons too, and a kit that swaps the icon escapes the search entirely, so each hit still needs to be checked against its domain, certificate and content before anyone acts on it.
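The detail that trips people up in practice is that Shodan does not hash the icon's bytes directly: the published recipe hashes the base64 text of the icon (wrapped at 76 characters with a trailing newline, the output of Python's `codecs.encode(data, "base64")` / `base64.encodebytes`) with MurmurHash3 and stores the signed 32-bit result. The code below is an added example, not Shodan's code or the article's; it carries a pure-Python MurmurHash3 x86_32 following the public reference algorithm so it runs without the `mmh3` package, and the three favicon byte strings are constructed placeholders standing in for a real icon, a byte-identical clone, and an unrelated icon.

```python
import base64

MASK32 = 0xFFFFFFFF


def murmur3_x86_32(data: bytes, seed: int = 0) -> int:
    """MurmurHash3 x86_32 (reference algorithm), returned as an unsigned 32-bit int."""
    c1, c2 = 0xCC9E2D51, 0x1B873593
    h1 = seed & MASK32
    n = len(data)
    full = n & ~3                      # length of the whole 4-byte blocks

    for i in range(0, full, 4):
        k1 = int.from_bytes(data[i:i + 4], "little")
        k1 = (k1 * c1) & MASK32
        k1 = ((k1 << 15) | (k1 >> 17)) & MASK32
        k1 = (k1 * c2) & MASK32
        h1 ^= k1
        h1 = ((h1 << 13) | (h1 >> 19)) & MASK32
        h1 = (h1 * 5 + 0xE6546B64) & MASK32

    tail = data[full:]                 # 0..3 trailing bytes, read little-endian
    if tail:
        k1 = int.from_bytes(tail, "little")
        k1 = (k1 * c1) & MASK32
        k1 = ((k1 << 15) | (k1 >> 17)) & MASK32
        k1 = (k1 * c2) & MASK32
        h1 ^= k1

    h1 ^= n                            # finalisation (fmix32)
    h1 ^= h1 >> 16
    h1 = (h1 * 0x85EBCA6B) & MASK32
    h1 ^= h1 >> 13
    h1 = (h1 * 0xC2B2AE35) & MASK32
    h1 ^= h1 >> 16
    return h1


def to_signed32(value: int) -> int:
    """Shodan reports the hash as a signed 32-bit integer (mmh3.hash convention)."""
    return value - (1 << 32) if value & 0x80000000 else value


def shodan_favicon_hash(favicon: bytes) -> int:
    """http.favicon.hash value: MurmurHash3 of the base64 *text* of the icon,
    line-wrapped at 76 chars with a trailing newline, as base64.encodebytes emits it."""
    b64_text = base64.encodebytes(favicon)
    return to_signed32(murmur3_x86_32(b64_text))


def shodan_query(favicon: bytes) -> str:
    """Search filter to paste into Shodan to find hosts serving this exact icon."""
    return f"http.favicon.hash:{shodan_favicon_hash(favicon)}"


# Constructed placeholder icons (not real favicons): an ICO-like header plus filler.
FAVICON_LEGIT = b"\x00\x00\x01\x00\x01\x00\x10\x10\x00\x00\x01\x00\x20\x00" + bytes(range(120))
FAVICON_CLONE = bytes(FAVICON_LEGIT)             # phishing kit copied the icon byte-for-byte
FAVICON_OTHER = b"\x00\x00\x01\x00\x01\x00\x20\x20\x00\x00\x01\x00\x20\x00" + bytes(reversed(range(120)))

if __name__ == "__main__":
    print("query for the genuine site:", shodan_query(FAVICON_LEGIT))
    print("clone hashes the same:", shodan_favicon_hash(FAVICON_CLONE) == shodan_favicon_hash(FAVICON_LEGIT))
    print("raw-bytes hash (wrong recipe):", to_signed32(murmur3_x86_32(FAVICON_LEGIT)))
```

If you compute the hash over the raw icon bytes, or base64 without the 76-column wrapping, you get a different number and your Shodan search returns nothing; comparing the last two printed values makes that visible. For icons fetched from a live site, hash the response body exactly as served, before any decoding or re-encoding by an image library.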
Fighting Child Abuse with OSINT – A Diary of a Hunt
Online predators pose a growing threat to children through social media, gaming platforms and the dark web. Open-source intelligence (OSINT) has become an essential tool for unmasking them by analysing their digital footprints: fake identities, coded language and interactions across different online spaces. The author describes profiling offenders' behavioural patterns and using OSINT techniques to track them on platforms such as Facebook and Roblox and on dark web forums. Even behind layers of encryption and anonymity, these offenders leave traceable information that can lead to their identification and arrest, making OSINT a powerful defence against child exploitation.
Read More (Nina Maelainine, Medium)
Review: The Cado Platform From Cado Security
The Cado Platform is a cloud-native digital forensics tool built for responding to incidents in cloud environments. Unlike traditional forensics, which centres on imaging physical drives, cloud forensics means acquiring and analysing data spread across services such as AWS, Azure and Google Cloud. Cado automates evidence collection, including disk images and memory, and supports multiple file systems and volume formats. Integrations with third-party tools such as VirusTotal and YARA support malware identification. By streamlining these investigations, the platform helps security teams identify malicious activity faster and close the gaps that allowed it.
Webcast: OSINT Journey Part 2 – Tools and Techniques
Claudia Tietze, an experienced OSINT professional and author, leads a webinar on using open-source intelligence (OSINT) tools and techniques to navigate the digital landscape. The session looks at managing complex data, with Tietze sharing practical tips and real-life use cases that show how the tools are applied. As the founder of Farallon, LLC, she draws on her experience in intelligence tradecraft to give participants actionable advice on case management and on delivering results to clients.
Read More (Institute for CI, Vimeo)
UFADE version 0.9.3 (from Christian Peter) is now available
The latest release of UFADE, version 0.9.3, introduces timestamp-formatted output for most extraction types. It also includes a new developer mode for devices with passcodes and addresses bugs in the Watch-ufdr extraction flow. Additionally, naming issues related to Watches and legacy devices have been corrected, further improving the tool’s usability in digital forensics.
Bellingcat’s investigation tools on Github
Bellingcat’s GitHub serves as a hub for publishing and collaborating on open-source tools used in digital investigations. The platform offers detailed instructions for each tool, encouraging contributions from a global tech community. Popular repositories include the “Ukraine TimeMap” for tracking civilian harm, and the “Auto-Archiver” for saving media content. Bellingcat also supports long-term projects through its Open Questions section, which tackles complex investigative challenges. With an active Discord community and a commitment to transparency, Bellingcat aims to empower open-source investigators worldwide.
Read More (Bellingcat, GitHub)
iOS Duolingo Analysis | iOS Forensics 8
A forensic analysis of the Duolingo app shows how much user data it retains: daily learning streaks, points earned, languages studied and even the mistakes made during lessons. The app's character-driven lesson structure keeps users engaged, and that engagement generates a steady stream of activity data. By examining what the app records in the background, investigators can reconstruct a user's habits and progress within it.