Friday, December 18, 2020

Procedures for proper Digital Forensic Research.

First, use a computer system dedicated to the recovery, not an everyday computer. After each research use, wipe the computer with Eraser or MiniTool using a low-level destruction algorithm (DoD compliant).

Next, sandbox the computer from any network or internet connection.

Depending on the device, I use Autopsy with plug-ins from Video Triage and the LEO version of BIN Recovery and a few others. I copy them to a USB drive and install them on the newly reloaded computer.

Judging from the data or type of device I have to analyze, I create an image of it or a backup of the data type.

Then I process all plug-ins in Autopsy. I mostly pay more attention to the following: Keyword Search, Deleted Files, Video Triage, Image Processor, and the Law Enforcement plug-in.

Depending on the case, I would suggest also getting a copy of Recuva to process recovery files.

Autopsy will provide you with reporting tools, such as metadata (time, locations). You can also generate a detailed report of information down to a single day, month, or time.

Then I run the reporting tools, finalize the case, move all information to an external drive, and encrypt it to be handed over to the customer.
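The imaging step above, as an added example that is not the author's own tooling or part of Autopsy: a Python routine that copies a source to an image file while hashing it, then re-verifies the image before analysis or hand-over. The SHA-256 hashing, the `.sha256` sidecar file, and the names `acquire_image`, `verify_image`, `source.bin` and `evidence.dd` are assumptions not taken from the post.

```python
import hashlib
import os
import stat
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large media never has to fit in RAM


def acquire_image(source_path, image_path):
    """Copy source to image_path; return the SHA-256 of the bytes read from the source."""
    digest = hashlib.sha256()
    # Mode "xb" fails if the image already exists, so evidence is never overwritten.
    with open(source_path, "rb") as src, open(image_path, "xb") as dst:
        while chunk := src.read(CHUNK):
            digest.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image_path, stat.S_IREAD)  # mark the working image read-only
    # Sidecar in sha256sum format (an assumption of this example) keeps the hash with the image.
    with open(image_path + ".sha256", "w") as sidecar:
        sidecar.write(f"{digest.hexdigest()}  {os.path.basename(image_path)}\n")
    return digest.hexdigest()


def verify_image(image_path):
    """Re-hash the image from disk and compare with the value recorded at acquisition."""
    with open(image_path + ".sha256") as sidecar:
        recorded = sidecar.read().split()[0]
    digest = hashlib.sha256()
    with open(image_path, "rb") as img:
        while chunk := img.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest() == recorded


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as case_dir:
        source = os.path.join(case_dir, "source.bin")  # constructed stand-in for the device
        with open(source, "wb") as f:
            f.write(b"constructed sample evidence\x00" * 1000)
        image = os.path.join(case_dir, "evidence.dd")
        print("acquired:", acquire_image(source, image))
        print("verified:", verify_image(image))
        os.chmod(image, stat.S_IREAD | stat.S_IWRITE)  # allow temp-dir cleanup on Windows
```

Running `verify_image` again after the case data has been moved to the external drive confirms the copy still matches the hash recorded at acquisition.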

Friday, September 25, 2020

The Windows XP source code was allegedly leaked online

 The source code for Windows XP SP1 and other versions of the operating system was allegedly leaked online today.

The leaker claims to have spent the last two months compiling a collection of leaked Microsoft source code. This 43GB collection was then released today as a torrent on the 4chan forum.

For more information, visit Bleeping Computer.

Microsoft confirms Group Policy Editor bug in Windows Server 2016

 Microsoft has confirmed that a bug in Windows 10 version 1607 and Windows Server 2016 is causing the Group Policy Editor to display errors.

In our September 2020 Windows health report, we reported that Windows 10 1607 and Windows Server 2016 users were experiencing errors when opening the Security Options MMC in the Group Policy Editor.


Texas Attorney General Announces Arrests In Fraudulent Mail-In Ballot Scheme In Democrat Primary

Texas Attorney General Ken Paxton announced on Thursday that law enforcement officials had arrested four individuals for their alleged involvement in an illegal ballot harvesting scheme in the state’s 2018 Democrat primary election. One of the people who was arrested was the Democrat who won the primary race.


Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472

 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain administrator access. Applying patches from Microsoft’s August 2020 Security Advisory for CVE-2020-1472 can prevent exploitation of this vulnerability.

CISA has released a patch validation script to detect unpatched Microsoft domain controllers. CISA urges administrators to patch all domain controllers immediately—until every domain controller is updated, the entire infrastructure remains vulnerable. Review the following resources for more information:
