The core of all reporting
I had planned to write a one-liner for this post, but I think it deserves more context. The point of reporting is to tell a story, one that flows. This piece of advice during my time at a consultancy sounded easier…
This is a work in progress, but has the fundamentals of what you should do. Apologies for the jargon that’s included, I would recommend sharing this with the person who is assisting you with the wiping of devices in an…
Don’t Deny It! When you were a child, did you ever do something that you shouldn’t have, and when caught and subsequently questioned by your parents as to whether you just did something which is glaringly obvious, did you deny…
Depending on your level of paranoia, security awareness or interest this may or may not be relevant. With the release of the Snowden files a few years back however, the Cyber Security community gained access to untold knowledge and confirmation…
Things are different in the world of techs compared to the world of Executives. We have more time, more interest in a level of detail, more desire to chew the fat over a topic. Executives don’t have this luxury. In fact…
Jumping straight back in with no news of what’s been happening, apart from a new job, and me generally forgetting about this altogether. If you want a simple way to get timelining with log2timeline & plaso, running it on Ubuntu…
So I’ve got to be quick while writing this, as I’m about to go back home after a week of training. I’ve been feeling the guilt for some time, knowing that I entirely missed posting in April and it was…
When I had been given the better part of 8 GB of logs recently and was playing with a trial licence of Splunk, I was in between a rock and a hard place. I had a string to search for, but…
After days of going through pages of doco, running tests on terabytes of files, I finally made it all work. log2timeline.py myhost.plaso sourceimage.vmdk #myhost.plaso is going to be the output body file for psort. This creates the metadata and…
FTK Imager is a free tool from AccessData that has a few key functions: 1. Capture live memory and dump to a .mem file (to be used with Volatility/Rekall etc. later) 2. Create a custom content image from the file system.…