DFIRScience
United States
Joined 5 Apr 2014
Welcome to DFIRScience (DFIR.Science). This channel is devoted to research and development in cybersecurity, digital forensics, and incident response. DFIRScience is a mix of practical how-tos on various topics and keeps up on current news and research in digital forensic science, cybercrime investigation, and hacking.
Schedule:
* New tutorials every Tuesday
Early, ad-free access for supporters: www.patreon.com/dfirscience
Signup for the DFIRScience newsletter for the monthly schedule: eepurl.com/hG9inj
👍 Subscribe for weekly videos → ua-cam.com/users/DFIRScience
🕸️ Website → DFIR.Science
❤️ Support → www.patreon.com/dfirscience
✏️ Contact Us → bit.ly/DFIRSciContact
🤖 Code and data → github.com/dfirscience
Social
* DFIRScience
* www.reddit.com/user/dfirscience
* linkedin.com/dfirscience
* dfirscience
Starting with Velociraptor Incident Response
Velociraptor IR (Incident Response) is an open-source endpoint visibility tool. You can monitor many clients across networks, conduct hunts on all clients, or define subsets of relevant systems based on tags. Use Velociraptor IR for client monitoring, threat hunting, response tasks, and digital forensic triage.
We talk about how to set up Velociraptor IR in a test environment to familiarize you with its layout and features. Specifically, how to add, monitor, and hunt with clients.
Thank you to our Members and Patrons, but especially to TheRantingGeek, Kuek Dekuek, Wilson L, Steven Lorenz, Steffen Luithardt, pjs, Lorie Hermesdorf, Carlos E Gallo Monteiro, Roman! Thank you so much!
00:00 Velociraptor Incident Response
00:44 WARNING
01:02 Downloading Velociraptor IR
02:36 Verify Velociraptor IR binaries (IMPORTANT)
03:17 Download Velociraptor IR developer key
04:53 Setting binary run permissions in Linux
05:32 Velociraptor IR first run
06:33 Creating a client and server config
12:42 Client config file - set server local IP address
13:36 Copy client config to clients
14:01 Start the Velociraptor IR server GUI
14:54 Velociraptor IR interface first run
15:25 Start and enroll the Velociraptor IR client
18:17 Velociraptor IR search clients
20:04 Velociraptor IR add client labels
21:45 Velociraptor IR client management interface
22:01 Velociraptor IR client - Interrogate
22:22 Velociraptor IR client - Virtual File System (VFS)
24:34 Velociraptor IR client - Collected
24:57 A quick look at Velociraptor data store structure
26:14 Velociraptor IR client - Quarantine Host
26:51 Velociraptor IR client - Overview
26:55 Velociraptor IR client - VQL Drilldown
27:11 Velociraptor IR client - Shell
28:05 Left Menu Feature Tour
28:20 Hunts
28:35 Create a hunt
30:46 Select hunt artifacts
31:01 Velociraptor IR Artifact Exchange
31:33 Linux.Search.FileFinder
32:41 Configure artifact parameters
33:18 Regular expressions
36:34 Specify Resources
37:21 Review
37:31 Launch hunt
38:10 View hunt results
39:59 View/Edit Artifacts
40:48 Server Events
41:33 Create a new server monitor
42:07 Server Artifacts
42:13 Notebooks
43:03 Host Information
43:13 Host Specific Options
43:26 Host Monitoring
43:36 Create a new client monitor
46:01 Main Features Review
46:49 Where to find more resources
48:17 Thank you for your support!
🚀 Full Digital Forensic Courses → learn.dfir.science
Links:
* Velociraptor IR Docs: docs.velociraptor.app/
* Download Velociraptor IR: github.com/Velocidex/velociraptor/releases
* Velociraptor IR Blog: velociraptor.velocidex.com
Related book:
* Incident Response in the Age of Cloud (amzn.to/3QsY7cf)
* Cybersecurity Masters Guides (amzn.to/3B207CL)
#incidentresponse #forensics #velociraptor #dfir #infosec
010001000100011001010011011000110110100101100101011011100110001101100101
Get more Digital Forensic Science
👍 Subscribe → bit.ly/2Ij9Ojc
❤️ YT Member → bit.ly/DFIRSciMember
❤️ Patreon → www.patreon.com/dfirscience
🕸️ Blog → DFIR.Science
🤖 Code → github.com/DFIRScience
🐦 Follow → DFIRScience
📰 DFIR Newsletter → bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing.
Views: 17,407
Videos
Digital Forensics and the Military - Interview with Andrew Lister
5K views, 1 year ago
Win Prizes! Take the quiz here: forms.gle/vAhy7NFfei5ZVuLy8 (open until 2022-08-19) We often talk about digital forensics in criminal and civil investigations, but a lot of innovation happens in military acquisition and investigations. Join us on August 15th as we speak with Andrew Lister from Detego Global about starting a digital forensics career via the military. We will also be giving away ...
Forensics: What data can you find in RAM?
7K views, 1 year ago
To determine if you need to collect Random Access Memory on-scene, it is useful to know what kind of investigation-relevant data is often available in RAM. Random Access Memory forensics starts with acquiring RAM from a live (turned on) system. There are several ways to collect the contents of RAM from a computer. Almost all of them require Live Data Forensics, a type of forensic practice that...
Windows and Linux Authentication Bypass with AIM
4.7K views, 1 year ago
This video is not sponsored by Arsenal Recon. Arsenal Image Mounter 3.9 is out and has a lot of new features. You need to check out three features: Windows authentication bypass with Data Protection API (DPAPI) bypass, Linux authentication bypass, and Virtual DD. This video shows how to quickly and easily access a virtualized suspect disk! Thank you to our Members and Patrons, but especially to...
What is Random Access Memory?
2.2K views, 1 year ago
Random Access Memory forensics starts with acquiring RAM from a live (turned on) system. There are several ways to collect the contents of RAM from a computer. Almost all of them require Live Data Forensics, a type of forensic practice that deals with computers or devices powered on, and the data is changing. Thank you to our Members and Patrons, but especially to TheRantingGeek, Roman, Alexis ...
Fast password cracking - Hashcat wordlists from RAM
14K views, 1 year ago
Password cracking often takes a long time. Brute force is normally your last option. But before that, a wordlist usually helps guess the password faster. Popular wordlists like Rockyou are good for general cases, but making password lists specific to the user can produce faster results. One of the best data sources to produce a customized wordlist is a target's RAM. Thank you to our Members and...
Linux LVM Ext4 Support in Windows with Arsenal Image Mounter
1.9K views, 1 year ago
Previously we showed how to access a Linux Logical Volume Manager partition inside a forensic disk image. We were looking for a way to access the LVM partition in Windows, and Arsenal Recon helped us out! Thank you to our Members and Patrons, but especially to our Investigators, TheRantingGeek, Roman, and Alexis Brignoni! Thank you so much! This video is about a (currently unreleased v3.9) of A...
Mounting Linux Logical Volumes in Forensic Disk Images
3.1K views, 1 year ago
Linux supports Logical Volume Management, which assists in managing partition features such as resizing and encryption. However, many forensic tools cannot directly access data on an LVM partition. Thank you to our Members and Patrons, but especially to our Investigators, TheRantingGeek, Roman, and Alexis Brignoni! Thank you so much! First, your forensic workstation must understand the volume g...
Linux Forensics with Linux - CTF Walkthrough
14K views, 1 year ago
Cyber5W released a mini Linux Forensics capture the flag (CTF) as part of the Magnet User Summit 2022. [lfmus22.cyber5w.net/] It is open until the end of the year. And while there are no prizes, it is an excellent way to practice investigating Linux systems. The scenario is an internal policy violation. Each system has some suspect user activities. However, the questions are only somewhat related t...
Tableau External Write Blocker Setup and Forensic Imaging Walkthrough
11K views, 2 years ago
How to connect and make a forensic image with Tableau external write blockers. Forensic write blockers prevent the forensic workstation from modifying the source disk. Physical write blockers physically prevent write commands from being sent to the disk, while software write blockers attempt to block writes at the kernel (OS) level. Today we look at three external physical write blockers and ho...
Starting in Digital Forensics: Conferences and Presentations
1.3K views, 2 years ago
Ever wonder how to be accepted to a conference? Today we talk about different types of tech conferences, and how to get started both attending and giving presentations at conferences. 00:00 DFIR Conferences 00:43 Why go to conferences? 03:24 Types of conferences 07:14 Workshops 07:54 How conferences work 09:48 How to be accepted to a conference 12:59 Conference Tips 15:45 More conference tips 18...
What's in the box? Atola Insight & DiskSense II
1.5K views, 2 years ago
What's in the box? Atola Insight & DiskSense II
What's in the box? Tableau Forensic Imager TX1!
3.9K views, 2 years ago
What's in the box? Tableau Forensic Imager TX1!
What's in the box? Digital Intelligence UltraBlock Kit!
2.3K views, 2 years ago
What's in the box? Digital Intelligence UltraBlock Kit!
Introduction to Memory Forensics with Volatility 3
58K views, 2 years ago
Introduction to Memory Forensics with Volatility 3
Data Artifacts, Analysis Results and Reporting in Autopsy 4.19+
26K views, 2 years ago
Data Artifacts, Analysis Results and Reporting in Autopsy 4.19
Starting a New Digital Forensic Investigation Case in Autopsy 4.19+
117K views, 2 years ago
Starting a New Digital Forensic Investigation Case in Autopsy 4.19
Digital Forensic Scientist Reacts: Criminal Minds S01E01 - Extreme Aggressor
9K views, 2 years ago
Digital Forensic Scientist Reacts: Criminal Minds S01E01 - Extreme Aggressor
Intro to Windows Forensics: Windows Registry Artifacts - TryHackMe Walkthrough
24K views, 2 years ago
Intro to Windows Forensics: Windows Registry Artifacts - TryHackMe Walkthrough
Software supply chain and vulnerability assessment with syft and grype
1.7K views, 2 years ago
Software supply chain and vulnerability assessment with syft and grype
Log4j vulnerability, supply chain attacks and SBOMs
658 views, 2 years ago
Log4j vulnerability, supply chain attacks and SBOMs
Bitcoin forensics - visualizing blockchain transactions with Maltego
12K views, 2 years ago
Bitcoin forensics - visualizing blockchain transactions with Maltego
Bitcoin investigation and wallet seizure
10K views, 2 years ago
Bitcoin investigation and wallet seizure
Cryptocurrency Investigation - Blockchain basics
10K views, 2 years ago
Cryptocurrency Investigation - Blockchain basics
iPhone forensics with Linux command line and bplister
3.9K views, 2 years ago
iPhone forensics with Linux command line and bplister
Fast Software Prototyping - Python iLEAPP module example
999 views, 2 years ago
Fast Software Prototyping - Python iLEAPP module example
Fast iPhone forensic analysis with iLEAPP
10K views, 2 years ago
Fast iPhone forensic analysis with iLEAPP
Robinhood Leaks 7 Million User Records - what's next?
842 views, 2 years ago
Robinhood Leaks 7 Million User Records - what's next?
Artifacts missing? Write an ALEAPP module!
1.2K views, 2 years ago
Artifacts missing? Write an ALEAPP module!
Fast Android forensic triage with ALEAPP
4.1K views, 2 years ago
Fast Android forensic triage with ALEAPP
The link is broken for Snappy, not sure where to go from there.
Thank you *arcquirky* your sense of humor is top notch and working with a great team like yours make recovering of stolen funds easy and straightforward i cant believe i got my crypto funds back reach out to them on there info today
On insta
Since all my ideas were stolen from me while trying to defend myself against terrorism for years now. Still struggling with the same people and Google continues to use my intellectual property for their own profit. Lawyer help?
I think the parts of FTK imager was missing, it should be at somewhere between 7.1 and 7.2.
17:23 WW2 flashbacks started to kick in.
is there another option beside LiME? because this tool is no longer maintained and already archived on Github. Unfortunately
I am an Information Systems graduate. However, I would like to pursue digital forensics. Will it be possible without a CS degree?
Thank you for this course sir. I have a question please. All these disk images that were analysed using photorec, tsk_recover and sleuthkit. You didn't say how they were captured. Were they captured using the FTK imager or another software. Thank you. Hoping for your response.
Undoubtedly your lecture is very interesting and useful
Holy crap
Can this app be used on a mobile 📲 phone?
Thanks for the video. It was great.
btw default windows ocr better than tesseract in my language
Thanks for the clear and precise explanation....
How about Android one? My Android processor is Dimensity 8050, while my laptop is using a Pentium N3710
I wonder why I can't save this video so I can come back to it later
I can barely see anything.... I don't know if I'm the only one having this problem..
Thanks!
Thanks!
Thanks!
could you share ctf files? because they are not available to download
12:54 deleted
Neat
Thank you for your great video. I have a question: what is the difference between .mem and .raw memory files? Can I obtain the .raw memory file from FTK Imager?
Registry viewer alerts me that I can't open my NTUSER.DAT file because it is open.
This is so resourceful 😊 please I need explanations on the types of digital evidence.
Hi Joshua, my name is Terrance Doweh. I sent you an email 3 days ago in regard to your forensic course. I want to understand a few things before purchasing the course. Hope to hear from you soon.
Outstanding job, *Adriannotch* I'm so glad you're out there battling these vile con artists. We must take every precaution to protect the general people and the elderly from these vile con artists!! Bravo to you! You ought to be awarded the Nobel Prize for protecting us. Big up, brother
A job well done, *Adrian notch* - Your being out there fighting these scum is a relief. The public and especially the elderly are vulnerable to these despicable scam artists, and we must take all necessary measures to safeguard them. I am really happy for you! Keep us secure; for that, you should get the Nobel Peace Prize.
It is seriously sickening how scammers can do this I'm so glad there are people like you *Adrian notch* fighting for everyone else
As a Caucasian, I'm sorry for what these people are doing, *Adrian notch* please keep on exposing these scammers
Dude, *Adriannotch* you are a modern-day hero. So glad law enforcement is on board.!!!!!
I would like to sincerely thank you from the bottom of my heart! So many from tough harsh living conditions that suffer and you helping and giving them something that they desperately need just to survive. I thank God for wonderful people like you that are making the differences that truly matter most! God bless THE ADRIAN NOTCH !
I can't imagine how hard it would be to decide to take on a moneygetback role of scammed persons. The history need to be remembered though and the help that was born through such pain and suffering. Mad respect to these. *Adriannotch* that take on these roles
This is an amazing channel and I have grounds to believe you are the Jesus of DFIR
it will be helpful if you could give us the book link (operating system concepts)
Thank You. This was helpful
Nothing showing in kali linux
Can we recover the data inside the disk as-is with this device?!
Thanks!!!
So what was the secret information here ? All you talked is some public info from the blockchain and repeated bunch of bs
Thx!
It is a good video, I was looking for someone to explain how to do it with a created web page and no one explained, you did it in detail, you deserve more support
quality.
very good job
how did you know it's Coinbase? how do we figure out the exchanges involved in the transactions?