SANS Digital Forensics and Incident Response Blog: Author - jeffbryner

Nokia n900 mobile forensic cheat sheet

Shadowed by coverage of all things Nexus and iPad, Nokia's new n900 is the unsung hero of the smart phone world. That's just fine for folks like DT and HD and anyone else looking for a *phone* that runs nmap, aircrack, metasploit and wireshark. Future functionality includes backtrack itself packaged as neopwn v2!

Cutting to the chase then, this is a quickie cheat sheet about forensic artifacts on the n900 and where to find

...


Facebook Memory Forensics

OK, like everyone I joined facebook just to get updates on my high school reunion. (Who knew you could also use it as a possible alibi.)

But then, after writing pdgmail and pdymail and seeing all the neat personal information in facebook...tada pdfbook! Memory parsing to grab facebook info.

Like its predecessors pdgmail and pdymail, I'm following the simple construct that memory strings are easy to get to and yield a treasure of information given today's


Facebook Forensics

by Jeff Bryner

Like most, I recently read the story of the EMT who posted a grisly picture to Facebook via his mobile phone. This got me thinking about social network forensics. I just happened to have joined Facebook (am I the last one?) and being of forensic mind... this post.

The issue that brings forensics into the case? The claim is that his post is by accident and was unintentional.

Now Facebook has a long history of privacy misunderstandings, and being a brand new user I can attest that it's nearly impossible at first glance to determine the privacy of the items you post. Is

...


Using mind maps in forensics

by Jeff Bryner

I've been playing with mind mapping software lately, mostly using the wonderfully open source freemind. I'm definitely not the first one to consider using this for forensic analysis, but hopefully I can help spread the meme and help us all organize our thoughts.

Just for fun, here's a sample starting point for a fake embezzlement case if you've not seen a mind map before:
[Image: basic mind map]

I've posted it here in case it's easier to start

...


Google Privacy tip of the day

by Jeff Bryner

If I keep writing on Google and forensics, they'll probably re-arrange my searches someday to all return kittenwar. However, just for you I'll sacrifice my sanity to pass on a helpful tidbit about Google Toolbar.

Whether you're looking to determine information about what's in the toolbar, or looking to protect your privacy you may be interested to know that on startup the toolbar retrieves the favicon.ico file of all sites in your bookmark list.

I don't normally use it, but in deciphering some web traffic I had a hunch to work out so I tested it against XP and IE. I bookmarked two sites, rebooted and restarted IE with a blank home page. The network traffic on

...