A big thank you to SANS for inviting me to speak at the 2014 DFIR summit in Austin. It was a great experience and I hope to do it again in the future. Another big thank you goes out to all who attended the talk. I...
Continue reading »
June 11, 2014 Nicole Ibrahim
Conferences
5 Comments
From the previous tests conducted, it has become apparent that for USB devices attached to a system, the transport protocol used by the device plays a role in the types of artifacts generated. This can also include the content and structure of those artifacts, as...
Continue reading »
January 3, 2014 Nicole Ibrahim
Research, Windows
7 Comments
In this post I will cover artifacts related to directory traversal. In the last post I went over the differences between USB transport protocols for when a USB is first attached to a system. In this post I will continue divulging the findings of my...
Continue reading »
December 26, 2013 Nicole Ibrahim
Research, Windows
7 Comments
In the previous posts I posited my research goals and introduced the three major USB transport protocols: MSC, PTP and MTP; as well as some basic information about each. Then, I discussed some of the basic concepts surrounding how Windows selects the most appropriate drivers...
Continue reading »
December 21, 2013 Nicole Ibrahim
Research
3 Comments
Have you ever wondered how or why Windows uses different drivers and configurations for what appears to be USB devices of the same type? I certainly have. That question is part of what sparked my interest in researching MSC, PTP and MTP devices as discussed...
Continue reading »
October 16, 2013 Nicole Ibrahim
Research
2 Comments
Recently, I was listening to CyberJungle’s latest podcast release and they mentioned something I found quite interesting. They talked about an article posted on ComputerWorld about how android phones are secretly collecting WiFi passwords and sending it off to google. For more details I encourage...
Continue reading »
September 23, 2013 Nicole Ibrahim
Ramblings
1 Comment
In the previous post of this series, I talked about the objectives and reasoning for approaching this angle of USB device research. Today I will be going over the three major USB transfer protocols. Emphasis will be placed on the following: Basic information about each...
Continue reading »
September 18, 2013 Nicole Ibrahim
Research
3 Comments
Hello All, It’s about time to do some real blogging, item of discussion: MTP and PTP enabled USB devices in Windows. I’m planning on making this topic a series of posts as it includes a lot of information, but in the end, it will be...
Continue reading »
September 13, 2013 Nicole Ibrahim
Research
1 Comment
So… My blogging quest has officially begun. Thankfully, for both my sake and yours, I’m not new to the idea. I’ve spent many late hours scouring through other forensics sites like Sans Computer Forensics Blog, Cyberspeak, and Forensic Focus. I’ve also been inspired by a couple...
Continue reading »
March 20, 2013 Nicole Ibrahim
Ramblings
No Comment
