Tuesday, August 22, 2017

Universal Network Investigations Updates

Universal Network Investigations (at LinkedIn) is a discussion group that exists to assist telecoms, cyber, forensics, information security, pen testing, and fault-finding investigations: to exchange observations and share 'intel' in a closed forum discussing fixed and mobile network investigations, trace data and other forms of evidence (including but not limited to PCAP, CDRs, traffic logs, exchange and switch data, cell details, dumps, etc.). Investigations can start with examining a device or network activity, so all aspects will be posted in the group.

To join - https://www.linkedin.com/groups/13536130

Group Rules:
1) Chatham House Rule applies.
2) An essential aspect of joining the Group is to participate and share knowledge, skills and experience.
3) No selling, no spamming.

Latest Posts
- Dropped phones
- Tool for the Investigator ISMS Toolbox
- Apple Secure Enclave Processor (SEP) - Hacked
- Purging Data HDD (InfoSec)
- Rack and Ruin
- When a Genuine Product is used as a Rogue Device
- GDPR
- GDPR-1
- Framework for Digital Forensic Employment KSE (knowledge, skills, experience)
- VOIP Basics (updated)

- Tool for the Investigator ISMS Toolbox
- BGP
- Cisco IOS Versions
- EIGRP
- First Hop Redundancy
- Frame Mode MPLS
- IEEE 802.11 WLAN
- IOS Interior Routing Protocols
- IOS IPv4 Access Lists
- IOS Zone Based Firewall
- IPSec
- IPv4 Multicast
- IPv6
- IS-IS
- NAT
- OSPF
- Physical Terminations
- PPP
- QoS
- RIP
- Scapy
- Spanning Tree
- TCP Dump
- VLANs
- Wireshark Display Filters
- BILL - Internet of Things IoT Cybersecurity Improvement Act
- 1995-2017 Computer Security (Information Security)
- So what does the TIMSI get me?
- Federal data collection MRMCD
- Tech Against Terrorism
- Telecommunications (Interception and Access) Act 1979 (2017) (Australia)
- 27,482 cyber security incidents reported in H1 2017
- Surveillance Drones Report
- Smartphone Cybercrime
- PSCR Network Identifiers Demonstration Guidelines
- Plan MNC
- Ping Test
- MNC Probe Metrics
- ITU-T GSM Country Codes
- IMSI Prepaid MVNO
- G42UMTS Security
- Cyber Threats to Mobile Phones
- Building Mobile Tools for Rights Defenders and Activists
- USER INVASION TESTS ON SAMSUNG GALAXY J3-6 J320FN
- UTC Document Register
- IMSI Assignment and Management Guidelines and Procedures
- Evolution in the Use of E.212 Mobile Network Codes
- 3rd Party Access to Number Portability Data
- Evolution in CLI usage
- Wrong Evidence Capture Tools
- Phone Hacks
- Multi-Traceroute (MTR) in NST
- NST
- Detecting Hidden Networks created with USB Devices
- Infrastructure - human access - fake fingerprint
- Operator 'Law Enforcement Disclosure' reporting
- Covert Tactical Measures
- NUMBERING PLAN ASSISTS TRACE
- Annual Cybersecurity Report - 2017
- Infrastructure Security Report - Worldwide
- Real Intelligence Threat Analysis (RITA)
- GSM Security Threat Risks
- Where to begin?
- RSOE EDIS Emergency and Disaster Information Service
- GSM Security Threat Risks
- NOC NOC - Fault Management and Troubleshooting
- SS7 and 2FA
- Detection in a multilayer network
- Diameter - Online Charging Systems (OCS)
- Big / Fresh / Deep - Data : Huawei overview
- Hot technologies to know about
- ARP.pcap
- bgp.pcap
- https.pcap
- ICMP-ARP-OpenFlow1.0.pcap
- ICMP-DHCP-DNS.pcap
- Russians target Telegram App
- Wireshark
- Protocols Relevant to U-N-I
- Industrial Networks Hit By WannaCry
- IM Telegram Replay Attack - Android
- Whisper Signal WhatsApp
- Subpico Intelligent Application Layer Software
- Subpico LI with evidential integrity
- TraceWrangler
- old_GUTI_IMSI_Critical_Reject (updated)

Saturday, August 12, 2017

Field Project Investigations

Conducting a technology review/audit prior to commencing field projects is an important task in order to understand the 'technology estate' owned and/or operated by an organisation. It is for revelation purposes and to comprehend [legacy] technology as stand-alone or interconnected/intra-connected with [current] technology and, significantly, if or how legacy has been ported over to operate via applications/software to work with current. So more information has been posted. This is for the purposes, as mentioned previously, of dealing with cases requiring 'field project investigations' (from installs to troubleshooting). I am sharing these .pdfs because I found forensics became one of the tools to be applied during investigations and not the main tool. Knowing the background details (tech spec, set-up, log files, install procedures, etc.) assists in understanding "why an artefact was there".


To read the posts - https://www.linkedin.com/groups/2436720

Latest Updates: Institute for Digital Forensics

- Windows Registry Reference
- Apple Reference Cards and iPad iOS7 Quick Guide
- USB Guide & USB Key Guide
- Hardware Configuration Dell Precision WorkStation
- Legacy DOS
- 100 Windows 8 Keyboard Shortcuts
- 100 Chrome Tips


Institute for Digital Forensics - Previous Updates

- Tron Commands
- Malware, Junkware, Virus
- Checking Implemented Security
- Backups
- Troubleshooting, Tips and Guides
- Windows NT Server Resource Reference
- Admin Tools To Know and Explained
- Corrupted Registry
- Windows Resource Kit Reference
- Fasteners
- Projects - Win 10
- Projects - Win 8
- Projects - Win 7
- Vulnerabilities in Critical Evidence Collection
- Imaging with Image-X: The Ghost Killer
- A Guide for the Forensically Sound Examination of a Macintosh Computer
- Interpol's Forensic Report on FARC Computers and Hardware
- Reducing Data Lifetime Through Secure De-allocation
- Realising - Risk Sensitive Evidence Collection
- Notes on Computer Systems and Operating Systems
- Finding Child Porn in the Workplace
- Drafting Electronic Evidence Protocols
- Data Hiding in Journaling File Systems
- Investigation of Protected Electronic Information
- Electronic Evidence: The Ten Commandments
- Electronic Evidence Best Practices
- Laws of evidence in criminal proceedings throughout the European Union
- Evaluating Commercial Counter-Forensic Software
- Hacking into computer systems
- Windows device interface security
- NSA Redacting with Confidence: How to Safely Publish Sanitized Reports
- Reproducibility of Digital Evidence
- Windows Memory Analysis
- Secure Deletion Myths
- Spoliation of Evidence
- Forensic Discovery
- VMware to boot cloned/mounted hard disk images
- Volume Serial Numbers: Format Verification Date/Time