On November 1st 2018, a new user under the name “Erwincho” registered on RaidForums, a well-known site with over 150,000 members where users post leaked databases that have normally already become publicly available elsewhere on hacking forums. His first step on the forum was to upload a database allegedly leaked from Thegiodidong.com, the Vietnamese […]
As per our previous Vietnam cloud email study, 3.1% of all domains in the Vietnam DNS top-level domain (.vn) use Zoho Mail (now renamed Workplace). This article describes the forensic information available to organisations using any of the multiple variants of Zoho email hosting plans.
Weak passwords are an easy way for attackers to get into systems or networks. All internet-exposed servers, website login forms and email addresses are constantly being scanned by automated scripts trying to “guess” passwords. If any of your passwords are easy to guess, or appear on the “most common” lists, your organization will have a […]
As seen in our Vietnam cloud email study, 17% of all email infrastructure on the Vietnam DNS top-level domain (.vn) is based on Google cloud. Google cloud email (also known as G Suite) is the single largest provider of cloud email services in Vietnam, being 5 times larger than the second largest provider, Zoho. For […]
Digital Forensics / Media forensics / Network Forensics April 19, 2018
All forensic investigators need a travel forensics kit. This is a set of equipment you can grab at short notice that should cover “most” eventualities when at an engagement. Typical components are a forensic workstation with the relevant software, write blockers, network taps, external storage, and other tools.
We regularly encounter scenarios where attackers gain unauthorised access to users’ mailboxes. The aim of the digital forensic examiner is to understand as much as possible about the breach in order to recommend to the client which steps to take (how access was gained, how long the breach went undetected, whether emails were sent, […]
In many cases a forensic investigation has to be done quickly, without affecting the systems hosting live data, the current workload, or users’ access to the system. DFIR has processes to obtain the best possible forensic data in these situations.
In order to ensure the images we create are tamper-proof (cannot be switched, replaced or modified), we sign them with GPG digital signatures (https://www.gnupg.org/). DFIR VN runs a double signature system for forensic captures.
One of the most useful things a local IT department can do when confronted with a security event is capture information. A fresh dataset, captured hours or days after an event, can be crucial in answering important questions at a later stage. Once captured in a standard manner, the digital footprints are “frozen” […]
One area where evidence handling shines on Linux is the ability to safely mount full disk images using loopback devices. This post explains how to mount the different partitions within a read-only image and then access the Volume Shadow Copies (VSS) on NTFS partitions.