Another big thank you going out to the SANS crew for inviting me to speak at the DFIR summit 2017 in Austin. It was a great pleasure and an amazing conference. My presentation slides are available for download here Mac… Continue Reading
Undocumented, unexplored, and underutilized, that is until now. Apple FSEvents or File System events are an invaluable artifact for every Apple examiner and should be a go to resource for artifacts relating to file system activity that occurred in the past.… Continue Reading
https://digital-forensics.sans.org A big thank you to SANS for inviting me to speak at the 2014 DFIR summit in Austin. It was a great experience and I hope to do it again in the future. Another big thank you goes out to… Continue Reading
From the previous tests conducted, it has become apparent that for USB devices attached to a system, the transport protocol used by the device plays a role in the types of artifacts generated. This can also include the content and… Continue Reading
In this post I will cover artifacts related to directory traversal. In the last post I went over the differences between USB transport protocols for when a USB is first attached to a system. In this post I will continue… Continue Reading
In the previous posts I posited my research goals and introduced the three major USB transport protocols: MSC, PTP and MTP; as well as some basic information about each. Then, I discussed some of the basic concepts surrounding how Windows… Continue Reading
Have you ever wondered how or why Windows uses different drivers and configurations for what appears to be USB devices of the same type? I certainly have. That question is part of what sparked my interest in researching MSC, PTP… Continue Reading
Recently, I was listening to CyberJungle’s latest podcast release and they mentioned something I found quite interesting. They talked about an article posted on ComputerWorld about how android phones are secretly collecting WiFi passwords and sending it off to google.… Continue Reading
In the previous post of this series, I talked about the objectives and reasoning for approaching this angle of USB device research. Today I will be going over the three major USB transfer protocols. Emphasis will be placed on the… Continue Reading
Hello All, It’s about time to do some real blogging, item of discussion: MTP and PTP enabled USB devices in Windows. I’m planning on making this topic a series of posts as it includes a lot of information, but in… Continue Reading