#dfir

The last few days I was working on a case that made me thinking. Its about a 15yr old boy who was victim to bullying at school. He came up with the story that his bully accesses his (and his parents) devices (phones, laptops). Changing hostnames, in-/uninstalling apps, sending text messages from one device to the other and the like. Finally there was a death-threat in a text file on the laptop. My job was to prove or disprove the accusations. Of course all this was made up and not a single trace on the devices supported his claims. Quiet the opposite. It was easy to prove, he staged all himself. Unfortunately his parents are extreme no-tech people and believed their son every word how unlikely and not-technically-possilble his claims even were. But that's another story. But... what a hell must he have lived in to stage such a story. And if your kid comes up with some outrageous story ... there might be something behind, you should ask questions about. -- BTW: The boy changed the school in the meantime.. and like magic.. no more "hacker" harassing him. Stupid story, good ending. #digitalforensics #dfir #bullying

Have you ever tried doing digital forensics using an SBOM or even just gathering evidence for a technical investigation from one? No file hashes, a single cryptographic signature covering an arbitrary set of files, and often missing full paths or permissions. Many SBOM standards need a serious revamp if they are to support DFIR use cases #dfir #sbom #openstandard