Tag Archive for: forensic

Mobile Verification Toolkit: Forensic analysis of Android and iOS devices to identify compromise


Mobile Verification Toolkit (MVT) is a collection of utilities to simplify and automate the process of gathering forensic traces helpful to identify a potential compromise of Android and iOS devices.


MVT supports using public indicators of compromise (IOCs) to scan mobile devices for potential traces of targeting or infection by known spyware campaigns. MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. MVT is not intended for end-user self-assessment.

It was developed and released by the Amnesty International Security Lab in July 2021 in the context of the Pegasus Project, along with a technical forensic methodology. It continues to be maintained by Amnesty International and other contributors.

Mobile Verification Toolkit key features

MVT’s capabilities are continuously evolving, but some of its key features include:

  • Decrypt encrypted iOS backups.
  • Process and parse records from numerous iOS system and apps databases, logs, and system analytics.
  • Extract installed applications from Android devices.
  • Extract diagnostic information from Android devices through the adb protocol.
  • Compare extracted records to a provided list of malicious indicators in STIX2 format.
  • Generate JSON logs of extracted records and separate JSON logs of all detected malicious traces.
  • Generate a unified chronological timeline of extracted records, along with a timeline of all detected malicious traces.
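The indicator-matching, detection-log and timeline steps in the list above, as an added example that is not MVT's own code: a minimal Python matcher that reads single-comparison STIX2 indicator patterns from a bundle, checks constructed iOS-style records (Safari history URLs and running process names) against them, and emits a chronological timeline of all records plus a separate JSON list of detections. The bundle, the records, the timestamps and the indicator values are all constructed for this example; the `.invalid` top-level domain is reserved by RFC 2606 and resolves nowhere. Only patterns of the form `[type:property = 'value']` are parsed; compound patterns are skipped rather than guessed at.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2 bundle for this example, not a real indicator feed.
# Patterns use the STIX 2.1 comparison syntax ([type:property = 'value']).
STIX_BUNDLE = {
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000001",
    "objects": [
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000002",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'bad-example.invalid']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000003",
         "pattern_type": "stix", "pattern": "[domain-name:value = 'cdn.bad-example.invalid']"},
        {"type": "indicator", "id": "indicator--00000000-0000-4000-8000-000000000004",
         "pattern_type": "stix", "pattern": "[process:name = 'bh']"},
        # Non-indicator objects (malware, relationships, ...) are ignored.
        {"type": "malware", "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "sample-family", "is_family": True},
    ],
}

# Constructed records in the shape a backup/filesystem parser might emit:
# one event each, timestamps already normalised to UTC ISO 8601.
RECORDS = [
    {"module": "safari_history", "timestamp": "2021-07-18T09:12:03Z",
     "url": "https://www.bad-example.invalid/landing?c=1"},
    {"module": "safari_history", "timestamp": "2021-07-17T22:40:11Z",
     "url": "https://example.org/"},
    {"module": "processes", "timestamp": "2021-07-18T09:12:05Z", "process_name": "bh"},
    {"module": "processes", "timestamp": "2021-07-18T09:11:59Z", "process_name": "backboardd"},
]

# Single comparison only, e.g. "[domain-name:value = 'x']". Compound patterns
# (AND/OR, FOLLOWEDBY, hash properties with quoted names) do not match and are skipped.
PATTERN_RE = re.compile(r"^\[([\w-]+):([\w.-]+)\s*=\s*'([^']*)'\]$")


def load_indicators(bundle):
    """Map 'type:property' -> set of lower-cased indicator values."""
    iocs = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.match(obj.get("pattern", ""))
        if not m:
            continue
        key = f"{m.group(1)}:{m.group(2)}"
        iocs.setdefault(key, set()).add(m.group(3).lower())
    return iocs


def domain_matches(hostname, domains):
    """Return the IOC matching the exact hostname or one of its parent domains, else None."""
    if not hostname:
        return None
    hostname = hostname.lower()
    for ioc in domains:
        if hostname == ioc or hostname.endswith("." + ioc):
            return ioc
    return None


def check_records(records, iocs):
    """One detection per record that hits an indicator, carrying the IOC that matched."""
    detections = []
    domains = iocs.get("domain-name:value", set())
    procs = iocs.get("process:name", set())
    for rec in records:
        hit = None
        if "url" in rec:
            hit = domain_matches(urlparse(rec["url"]).hostname, domains)
        elif "process_name" in rec:
            name = rec["process_name"].lower()
            hit = name if name in procs else None
        if hit is not None:
            detections.append({**rec, "matched_ioc": hit})
    return detections


def build_timeline(records):
    """Chronological order; a plain string sort is safe only because every timestamp is UTC 'Z' ISO 8601."""
    return sorted(records, key=lambda r: r["timestamp"])


def json_logs(records, iocs):
    """Return (all_records_json, detections_json): two separate JSON documents, both chronological."""
    timeline = build_timeline(records)
    detections = build_timeline(check_records(records, iocs))
    return json.dumps(timeline, indent=2), json.dumps(detections, indent=2)


if __name__ == "__main__":
    _, hits_json = json_logs(RECORDS, load_indicators(STIX_BUNDLE))
    print(hits_json)
```

Two choices worth noting: a hostname matches an indicator on its parent domain as well as on an exact match, so `www.bad-example.invalid` is caught by an indicator for `bad-example.invalid` (the usual way C2 infrastructure rotates subdomains); and the timeline is only a string sort because every record was normalised to one UTC timestamp format first, which is the step to get right before merging records from sources with different native epochs (Apple's Cocoa time, Unix seconds, WebKit microseconds).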

Mobile Verification Toolkit is available for download on GitHub. The developers do not want MVT to enable privacy violations of non-consenting individuals. To that end, MVT is released under its own license rather than a standard open-source license; the license restricts use of the tool to consensual forensic analysis.

Source…

Still no internet in Albany schools for ‘forensic investigation’


ALBANY – There will be no internet in Albany schools for one more day, after an attempted cyberattack last weekend, school Superintendent Kaweeda Adams said.

The federal Homeland Security agency and other experts need more time to finish a forensic investigation to determine who or what tried to repeatedly hack into the school district, Adams said. Originally they had planned to finish the investigation by the end of Wednesday.

In addition, they are checking every machine in the district for programs that might have snuck in during the attack.

They must “interrogate all our machines to make sure nothing’s hiding,” she said.

The forensic investigation could also lead to changes in how the district keeps its systems secure, she said.

But the superintendent emphasized again that although the district was repeatedly attacked over the weekend, the attacks did not succeed. Adams did not specify how the hackers attempted to gain access.

“None of our information was compromised,” she said. “Our team was getting all the notifications of (cyberattack) activity and we were able to shut down that access.”

In the meantime, teachers will use printed materials for one more day, and students will not be able to use their Chromebooks or district-issued hotspots. 

The district has established an “alternate” way to maintain business operations, so that it could update the website, collect attendance and complete other duties. Employees will be paid as normal, she said.

The shutdown Thursday will give investigators an additional four days to work, because Friday is a school holiday.

Source…

Equipment to include in a computer forensic toolkit


For those beginning their computer forensic investigator career, an important aspect to consider is what equipment is needed to carry out successful investigations.

While software is a critical component of the job, examiners should have a complete computer forensic toolkit that consists of a computer workstation and a response kit to take out into the field.

In Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, computer forensic investigator and author William Oettinger teaches new and experienced investigators everything they need to search for and analyze digital evidence, including which software and hardware to consider.

In the following excerpt from Chapter 2, learn about the forensic analysis process, starting with a look at the equipment Oettinger recommends including in a computer forensic toolkit.

Check out an interview with Oettinger, where he offers advice on starting down the computer forensic investigator career path.

The Forensic Analysis Process

We will now discuss the forensic analysis process. As a forensic investigator, you will need to create a strategy that will enable you to conduct an efficient investigation. You also need to make sure you are familiar with your tools and the results that they will provide. Without a process, you will waste time examining data that will not impact your investigation, and you will not be able to rely on your tools. In addition, you want to make sure you get valid results from the tools you deploy. Finally, to be thorough and efficient, you must use critical thinking to determine the best investigation or exam method.


While there are similarities in every investigation, you will find differences that will require you to have an exam strategy to be efficient. I am not a fan of keeping an examination checklist because there will be areas that aren’t relevant, such as different operating systems, physical topography of the network, criminal elements, and suspects. These variables ensure that no two examinations or investigations are the same and will…

Source…

Judge rules Capital One must hand over Mandiant’s forensic data breach report – CyberScoop
