Luis Roche writes about security, sharing information, raising awareness and giving illustrations. His latest article examined some of the digital forensic artifacts that may be useful when searching for answers to the questions an investigation raises.
This material will be presented in two parts. The first part explains some interception techniques; the second part explains how to detect them. Although there are no files in kernel mode, the author considers both user mode and kernel mode on x86 systems in this article.
Researchers have developed many ways to extract data from computer systems by building covert channels. An air-gapped computer is considered a high-value target, so considerable research has gone into getting data out of such machines without a network connection.
Robin Harris is Principal Analyst at TechnoQWAN LLC. He wrote a post describing four groups into which covert channels are divided:
1. Electromagnetic channels range from eavesdropping on electromagnetic radiation from the memory bus to leakage from USB ports and cables.
2. Acoustic channels became popular with the advent of hacked smartphones.
3. Thermal channels will ever find a practical [...]
DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for creating repeatable, time-delayed, distributed security events. The toolkit is designed for dynamic expansion, which allows you to create your own Fires (event modules) and add them to the included collection of Fires.
Daniel Pistelli shared a short post about Windows memory forensics on OS X. He described a piece of software called Profiler.
Kirtar Oz analyzes PowerShell attacks at customer sites. He came up with several indicators that help detect potential PowerShell attacks in an environment. These indicators are based on his analysis and research.
Steganography is the science of hidden transmission of information, concealing the very fact that a transmission took place. The idea is far from new, but with the invention of digital ways of implementing its algorithms, its development has reached an essentially new level. In 2017, three different samples of malicious programs used in network attacks were identified that contained cryptocurrency mining tools hidden in forged image files.