Update Archives | Page 90 of 99

May 6, 2015 by Didier Stevens

Update: NAFT Version 0.0.9

This update to NAFT adds support for YARA. YARA rules can be used to search through the heap, like this:

naft-icd.py -y IOS_canary.yara –decoders decoder_xor1 heap r870-core

Address Bytes Prev Next Ref PrevF NextF Alloc PC what 83AB9498 0000004100 83AB9444 83ABA4CC 001 -------- -------- 80B5CC7C 8253709C YARA rule: IOS_canary

Rule IOS_canary.yara searches for a canary value inside the blocks.

rule IOS_canary { strings: $canary = {FD 01 10 DF} condition: $canary }

NAFT_V0_0_9.zip (https)
MD5: FEBBDB892D631275A95A0FEA59F8519F
SHA256: 95F42F109623F2BA6D8A9FFB013CBB0B5E995F02E5EB35F8E83A62B8CA8B86D0

May 4, 2015 by LCDI

Mac OS X Forensics: Conclusion

RESULTS With the semester coming to a close, the projects are wrapping up and the reports are rolling out. We are diving into examining the devices we used for the Handoff feature and are currently finding data that points to its use. Below you can see a Handoff request that was found in the devices […]

The post Mac OS X Forensics: Conclusion appeared first on Computer & Digital Forensics Blog.

May 2, 2015 by LCDI

HashCracking Project: Conclusion

With more devices connecting to the Internet every day, the amount of passwords stored online increases exponentially. Passwords are required to access sensitive data and systems, so they are constantly being targeted as attack vectors by malicious actors. Hashcracking is the process of attempting to find the clear-text equivalent of a password stored in its […]

The post HashCracking Project: Conclusion appeared first on Computer & Digital Forensics Blog.