Intelligence-Driven Incident Response with YARA

By Ricardo Dias

Given the current cyber threat landscape, organizations are now beginning to acknowledge the inexorable law that decrees that they will be compromised. Threat actors’ tactics, techniques, and procedures demand intelligence-driven incident response, which in turn depends upon methodologies capable of yielding actionable threat intelligence in order to adapt to each threat. The process to develop such intelligence is already in motion, relying heavily on behavioral analysis, and has given birth to cyber threat indicators as a means of fingerprinting and thus identifying new and unknown threats. This paper will focus on YARA, a malware identification and classification tool used as a scan engine, whose features will be explored in order to deploy indicators at the endpoint.

SANS Investigate Forensics Toolkit—Forensics Martial Arts Part 1

By Aditya Balapure

The SANS Investigate Forensic Toolkit (SIFT) is an interesting tool created by the SANS Forensic Team and is available publicly and freely to the whole community. It comes with a set of preconfigured tools for performing computer forensic digital investigations. It is based on Ubuntu and has a long list of tools for present-day forensic needs. We will walk through some of the most widely used tools in forensic investigations. It supports evidence formats such as raw format (.dd), the EnCase image file format (E01), and the Advanced Forensics Format (AFF).

Introduction to IT Security & Computer Forensics – InfoSec Resources

By Dalasta Darren

This introductory course covers IT Security and goes more in-depth into Computer Forensics. There are 12 modules covering the categories of Anonymity on the Internet, Darknets and Tor Hidden Services, Anti-forensics with USB Rubber Ducky, Forensic Imaging, Forensic Recovery, Forensics with Autopsy, Network Analysis, Hacking Android, Armitage 101, Memory Analysis with Volatility, Network Analysis, and Forensics with DFF.

Loki-Bot: Information Stealer, Keylogger, & More!

By Rob Pantazopoulos

Loki-Bot is advertised as a Password and CryptoCoin Wallet Stealer on several hacker forums (carter, 2015) (Anonymous, 2016) (lokistov, 2015) but aside from cheap sales pitches on the black market, not much has been published regarding the details of its characteristics and capabilities. This poses a problem to information security analysts who require such details in order to accurately prevent and/or defend against incidents involving this malware. The primary goal of this paper is to provide a comprehensive resource on Loki-Bot for those looking to better understand its inner workings and to provide contextual knowledge in support of incident response efforts. Contents of this paper will focus solely on characteristics identified during code-level analysis within a debugger. Basic static and dynamic analysis of Loki-Bot will be left as an exercise for the reader.

Commercial Computer Forensics Tools

By Infosec Resources

Contrary to popular belief, the domain of digital forensics is far from being monolithic. From the outside looking in, it might appear that computer forensics lacks versatility in terms of use cases. But just as computers have evolved over the years, both in terms of hardware and software, so has the landscape of retrieving valuable information from them through sound forensic techniques. Constant innovation in computing leads to better methods of encryption, concealment and manipulation of data. This consequently leads to the development of more powerful tools that can match the contemporary demands of digital forensics. Today, the tools for addressing various digital forensics use cases can be divided into multiple categories, whether we’re looking at differing systems or the range of forensic functions. In this article, we will look at these categories and discuss some of the most popular digital forensics tools available to us.