A field guide on analyzing suspicious emails written by Brian T. Carr.
Memory Analysis Lab for Computer Forensics and Investigation Methods
This lab consisted of a mock investigation of a memory capture image.
An Analysis of Nation-State Phishing Email Attack Vectors
In the past few years, crimes carried out within the cyber domain have increased in sophistication and narrowed to the targets offering the greatest return. (Ghafir & Přenosil, 2015, p. 34) In 2018 alone, phishing email attack vectors accounted for 26,379 victims losing a total of over forty-eight million dollars, a figure that does not include the crimes that go unreported. (Internet Crime Complaint Center, 2019) Phishing email attack vectors and other social engineering attack vectors are among the highest concerns for any organizational entity because they exploit the employee. (Sebescen & Vitak, 2017, p. 2238) Phishing emails have been very successful in recent years, partly due to favorable technical and economic conditions. (Milletary, 2013, p. 1) With that in mind, it is a frightening fact that the presence of malicious phishing campaigns has steadily continued to increase. Some of these campaigns have been tied back to nation-state threat actors, including Advanced Persistent Threats (APTs) and malicious e-crime groups. (Verizon, 2016, p. 12) APT actors have been observed using phishing email attack vectors in their campaigns, and the effectiveness of those vectors may explain why the most devious cybercrime organizations choose to employ them.
Thumper - An Email Header Parser
Uploaded to GitHub 8/7/2019
During my internship on the Computer Emergency Response Team at the Center for Internet Security, I have regularly been tasked with analyzing suspicious emails. When analyzing these emails, I found myself commonly reading the headers of .eml files. Thumper parses out and highlights key artifacts which may be useful to analysts.
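To illustrate the kind of header triage a tool like Thumper performs, here is an added example (not Thumper's code, and not taken from the project) that parses an .eml file with Python's standard email module and pulls out the artifacts an analyst checks first: the Received chain in delivery order, the Authentication-Results verdicts, and mismatches between From, Reply-To and Return-Path. The sample message, its hostnames and its IP addresses are constructed for the example.

```python
"""Extract phishing-relevant artifacts from .eml headers.

Added example, not Thumper's code. The message below is constructed;
every host, address and IP in it is invented for illustration.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from typing import Dict, List, Optional

# Constructed sample .eml (not a real email). Continuation lines of folded
# headers start with a tab, as they do in real messages.
SAMPLE_EML = b"""Return-Path: <bounce@mailer.example.net>
Received: from mx1.corp.example.com (mx1.corp.example.com [192.0.2.10])
\tby mail.corp.example.com with ESMTPS id abc123
\tfor <alice@corp.example.com>; Wed, 07 Aug 2019 12:00:05 +0000
Received: from relay.example.net (unknown [198.51.100.23])
\tby mx1.corp.example.com with ESMTP id def456;
\tWed, 07 Aug 2019 12:00:03 +0000
Authentication-Results: mx1.corp.example.com;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none;
\tdmarc=fail header.from=corp.example.com
From: "IT Helpdesk" <helpdesk@corp.example.com>
Reply-To: <support@corp-example-helpdesk.net>
To: <alice@corp.example.com>
Subject: Password expiry notice
Message-ID: <20190807120000.12345@mailer.example.net>
Date: Wed, 07 Aug 2019 12:00:00 +0000
X-Originating-IP: [198.51.100.23]
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at the link below.
"""

# Headers worth surfacing to the analyst verbatim.
KEY_HEADERS = ["From", "Reply-To", "Return-Path", "To", "Subject", "Date",
               "Message-ID", "X-Originating-IP", "Authentication-Results"]
IPV4_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def parse_eml(raw: bytes) -> email.message.EmailMessage:
    return email.message_from_bytes(raw, policy=policy.default)


def unfold(value) -> str:
    """Collapse a folded header value onto one line."""
    return " ".join(str(value).split())


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def received_chain(msg) -> List[Dict[str, Optional[str]]]:
    """Received headers are prepended by each hop, so reverse them to get
    the path oldest-first (origin at index 0, final MTA last)."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = unfold(hdr)
        m_from = re.search(r"\bfrom\s+(\S+)", text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        m_ip = IPV4_RE.search(text)
        hops.append({"from": m_from.group(1) if m_from else None,
                     "by": m_by.group(1) if m_by else None,
                     "ip": m_ip.group(1) if m_ip else None})
    return hops


def auth_results(msg) -> Dict[str, str]:
    """Pull spf/dkim/dmarc verdicts out of Authentication-Results."""
    results: Dict[str, str] = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, verdict in AUTH_RE.findall(unfold(hdr)):
            results.setdefault(mech, verdict.lower())
    return results


def highlight(msg) -> List[str]:
    """Findings an analyst should look at: sender-identity mismatches and
    failed or missing authentication."""
    findings = []
    from_addr = parseaddr(unfold(msg.get("From", "")))[1]
    from_dom = domain(from_addr)
    for name in ("Reply-To", "Return-Path"):
        other = parseaddr(unfold(msg.get(name, "")))[1]
        if other and domain(other) != from_dom:
            findings.append(f"{name} domain {domain(other)} differs from From domain {from_dom}")
    for mech, verdict in auth_results(msg).items():
        if verdict != "pass":
            findings.append(f"{mech} result is {verdict}")
    return findings


def analyze(raw: bytes) -> dict:
    msg = parse_eml(raw)
    return {"headers": {h: unfold(msg[h]) for h in KEY_HEADERS if msg[h] is not None},
            "hops": received_chain(msg),
            "auth": auth_results(msg),
            "findings": highlight(msg)}


if __name__ == "__main__":
    report = analyze(SAMPLE_EML)
    for k, v in report["headers"].items():
        print(f"{k}: {v}")
    for i, hop in enumerate(report["hops"]):
        print(f"hop {i}: {hop}")
    for f in report["findings"]:
        print("!!", f)
```

Reading the Received chain oldest-first matters because the only hop an attacker cannot forge is the one written by your own MTA; everything below it in the raw file should be treated as claimed, not observed. On the constructed message the script reports two hops, a failed SPF and DMARC, and that both Reply-To and Return-Path point at domains other than the one shown in From.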