Forensics StartMe Updates (9/1/2022)

Skip to main content

Search This Blog

Forensics StartMe Updates (9/1/2022)

Posted by Kevin Pagano September 01, 2022

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Shortlink: startme.stark4n6.com

I broke out the Test/CTF Images category from the Test Device Setup category for a little bit more granularity.

If people have suggestions for additions please feel free to shoot me a message on Twitter (@KevinPagano3).

DFIR YouTube Feed

ArcPoint Forensics

Forensic Blog Feed

Mash That Key - Carlos Carjigas

Getting Started in DFIR

The Ultimate Guide to Getting Started in Digital Forensics & Incident Response (DFIR)

OSINT Tools

Email Message Header Analyzer - Google Apps

PE / Malware Tools

Unprotect Project - Malware Evasion Technique Search

SANS Posters & Cheatsheets

Antivirus Event Analysis Cheat Sheet - Nextron Systems

Blue Team Cheat Sheet - Digital Forensic Forest

DFIR Cheatsheet Booklet - SANS

FOR509 - Enterprise Cloud Forensics & Incident Response

REMnux Usage Tips for Malware Analysis on Linux

Test/CTF Images

ACSC cyber security challenge

BelkaCTF - Belkasoft

Pcap Files - Netresec

Test Device & Analysis Setup

Creating a Full File System image from a jailbroken iOS device - Hexordia

StartMe updates

Get link
Facebook
Twitter
Pinterest
Email
Other Apps

Archive

April 20242
March 20244
February 20241
January 20243
December 20231
October 20233
September 20232
August 20232
July 20231
June 20232

Show more Show less

Popular Posts

StartMe Up (Forensic Edition)

As part of my own benefit I created a Start.Me page for a bunch of FOSS forensic tools and utilities that I currently have in my toolkit. I've also included RSS feeds for blogs I follow as well as YouTube channels and some other links to sites I frequent. You can access it at startme.stark4n6.com or preview it below (embedding on Blogger isn't the best). If anyone has suggestions on more items to add or links please feel free to reach out to me on Twitter @KevinPagano3 . *Cues The Rolling Stones*

Cellebrite CTF 2021 - Heisenberg's Android

Cellebrite is back with another CTF competition and this year's takes it up a notch. I want to start by giving major props to Heather, Paul, Ronen, Sahil and Ian for putting on a great competition . Now lets get started with the walkthroughs. First up, is the Samsung Note 10 owned by "Heisenberg". Evidence : https://d17k3c8pvtyk2s.cloudfront.net/CTF21/CTF21_Heisenberg_SM-N970U1_QualcommLive_2021-07-22.zip Password : 02DB2ECE91DB67E8FA939FC3DC15D16B Device Identification (10 points) What is the Bluetooth MAC Address of the first vehicle Heisenberg's Android connected to? Pulled from the file at the following path: Dump\data\misc\bluedroid\bt_config.conf We get bluetooth connections which we can easily see in the ALEAPP report below that the answer was " 34:C7:31:F8:61:3B ". Figure 1: Bluetooth connections report in ALEAPP Application Analysis (10 Points) Which website did Heisenburg look for guidance on how to mount a USB drive on his phone? (The answer sh

Cellebrite CTF 2023 - Abe

After a year hiatus Cellebrite was back in full force with another lengthy CTF challenge. This year featured 4 different phones, 2 iPhones and 2 Android devices. Challenge details can be found on Cellebrite's blog . We are going to start with Abe since in my opinion was the easiest of the bunch and one of the only ones where our team completed 100% (shout out to Heather and Alexis ). Evidence Download : Abe Abe 01 - iCloud ☁️📧 (10 points) Abe used a unique email address for his iCloud account. What is that email address? Using iLEAPP you can head over tot he Accounts > Account Data report and see the email address littered across multiple accounts, Abe used the iCloud account email aberudder@icloud.com . Figure 1: Account Data report in iLEAPP You could also find these from the database file at the path: filesystem2\mobile\Library\Accounts\Accounts3.sqlite Abe 02 - Comm App 💬🗨️ (10 points) Abe used different types of communication channels, through different applications.

© 2021 STARK 4N6

Powered by Blogger