I played the Belkasoft CTF recently (writeup coming soon) and as part of it, one of the questions involved the app Splitwise. I've used this app in the past for personal usage so I figured now that I have a file system dump from the competition I can take a... [Read More]

Shortlink: startme.stark4n6.comQR Code:If people have suggestions for additions please feel free to shoot me a message on the app formerly known as Twitter (@KevinPagano3) or Mastodon.Blog FeedDjango FaiolaDistros & VMSCommando - Complete Mandiant Offensive VMForensic Toolsmacosac - Forensic Artifact Collection Tool for macOSZircolite - A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon... [Read More]

Cipher | iOSNow for the last section, the Android phone.Evidence: Google Pixel 3a XL Logical Image - Data.tar | Facebook ReturnPress x to RespawnOn what platform did Rocco share his Call of Duty Username?I switched over to Conversation view to possibly narrow the scope to just communications. Out of Android Messages, SMS,... [Read More]

Cipher | AndroidPart two is upon us, here I'll be going through the iOS section.Evidence: 00008110-000925383620A01E_files_full.zipWhy are your messages green?On what date did Rocco and Chadwick first meet in person according to their conversations? YYYY-MM-DD formatVia iLEAPP we can check out the SMS messages. We see some messages about meeting at city... [Read More]

The Magnet Forensics CTF is upon us again and this year it was a little bit different (for me at least). I had the pleasure of helping Jessica Hyde and the Champlain students on the other side of the computer this year. I assisted with answer verification and backend support.... [Read More]