Earlier this week I developed a TryHackMe room called “h4cked”. The room is a combination of learning network forensics and basic penetration testing skills. You can find it here: https://tryhackme.com/jr/h4cked Scenario – Task 1: “It seems like our machine got hacked by an anonymous threat actor. However, we…
Forensics
Embedded MultiMediaCard (eMMC) chips are located in many devices, such as gaming consoles, IoT, mobile phones, and smart TVs. Imaging and extracting data from these devices can often be challenging. Traditional storage devices (such as hard drives and USBs) can easily be mounted locally on a machine before being imaged….
Live systems are, in some cases, encountered during an investigation. The volatile data held in the computer’s memory could potentially contain important evidence. If the computer is powered off, the volatile data is lost. The volatile data could contain crucial information, such as encryption keys, passwords, network connections,…
File carving is a useful technique if the file system is not recognized. In certain cases, the imaged device might just contain a large chunk of data rather than something structured, such as a FAT16 USB. Uncommon file systems may also not be supported by traditional forensics tools. Therefore, file…
Used storage devices such as SD cards and USB sticks are sold on different sites. There are many used devices available for purchase on both eBay and Amazon. However, many sellers do not know how to sufficiently wipe these devices. Furthermore, I chose to purchase a set of…