Join us as we forensically investigate this interesting scenario that often leads to rabbit holes, red herrings, canards and wild goose chases.
Introduction
In this scenario, we've received an image of a USB thumb drive (orig_128mb_image.dd) confiscated from the hacker's backpack. It was literally sewn in the lining of the backpack, which makes it even more interesting. The primary investigators did not want to plug it into any of their field laptops (they learned from the last time - another story, another time), and kicked it back here to our basement team for further analysis.
After our team imaged the 128MB USB thumb drive (do they even make those anymore?), hashed it for exhibitable evidence, and assigned it to a case, they get to play with it and see if there's anything actually on there. This is where we load it into Autopsy [1] running on macOS Sonoma via Parallels on a Windows 11 VM and see what we see.
We'll continue down below under the Demonstration section, so feel free to skip ahead and check it out.
Meanwhile, we'll discuss digital data in its most modern form. Nowadays, it's very common to keep data in the cloud (aka other people's computers that you or someone else rents), and most people do so in the most nonchalant fashion (assuming, or not even caring, whether the data is being encrypted or scrutinized by entities, live, AI or otherwise).
Data is also kept on phones, flash drives, SD cards, DVDs,....