John G. Asmussen

56 Followers
32 Following
56 Posts
Law Enforcement Officer, DFIR & Infosec practitioner, business entrepreneur, tech geek, electronic hobbyist, and amateur radio enthusiast.
Website: https://www.egatechnology.com
GitHub: https://github.com/jgasmussen
Twittodon: https://twittodon.com/share.php?t=jgasmussen&[email protected]
Blog: https://jgasmussen.blogspot.com
LinkedIn: https://www.linkedin.com/in/jgasmussen

misp-wireshark v1.1 released, including support for tshark, a fix for an installation error and various improvements.

misp-wireshark is a Lua plugin intended to help analysts extract data from Wireshark and convert it into the MISP Core format.

https://github.com/MISP/misp-wireshark

#misp #wireshark #ThreatIntelligence #opensource #networkanalysis #dfir


The long awaited CyberPipe is here. A ton of updates to the script. See the blog post for the updates, and the problems and solutions found along the way.

https://bakerstreetforensics.com/2023/01/16/kape-batch-mode-arm-memory-updates-to-csirt-collect-and-all-the-things-i-learned-along-the-way/

Then head over to the releases on GitHub and try it out for yourself.

#DFIR #PowerShell #Triage #RAM

GitHub: https://github.com/dwmetz/CyberPipe


#DFIR thoughts 💭

Data without context serves little to no purpose.

Had a case recently where images of interest were found in the #Android Chrome cache. These images were carved, by the paid #DigitalForensics tool, out of the cache files and that was it. When I looked at the source file I could see a URL as well as other data points. The URL was key since it established receipt of the files which fulfilled certain statutory requirements.

As examiners and tool makers, we need to provide the necessary context that brings the past to the present. Just parsing things out into categories is not enough. Information only has value when it is aggregated into knowledge.

Android Chrome cache parsing has been added to #ALEAPP.

Thanks to @joshua_hickman1 for his public data sets and testing in Windows.

Get ALEAPP here:
🔗 https://github.com/abrignoni/ALEAPP

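An added worked example, not code from the post above or from ALEAPP, of the point being made: it recovers the request URL that sits right next to each cached object in a Chromium Simple Cache entry (the cache backend Chrome on Android uses), so a carved image is reported together with where it came from instead of as a bare file. Assumptions, not taken from the post: each entry starts with a 24-byte little-endian header (magic 0xfcfb6d1ba7725c30, version, key length, key hash) followed by the cache key, which is the URL (newer Chrome builds prefix the key with isolation data, and the key hash is not verified here); the sample blob and its junk bytes are constructed inline.

```python
"""Carve Chromium Simple Cache entries and report each body with its URL.

Added example; not ALEAPP's code. Header layout is an assumption about the
Simple Cache format: magic u64, version u32, key_length u32, key_hash u32,
then key_length bytes of cache key (the URL), then the cached response.
"""
import struct

SIMPLE_MAGIC = 0xFCFB6D1BA7725C30
MAGIC_BYTES = struct.pack("<Q", SIMPLE_MAGIC)
HEADER = struct.Struct("<QIII")  # magic, version, key_length, key_hash (24 bytes)

# Content sniffing on the cached body so an image is reported as one.
SIGNATURES = (
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
    (b"RIFF", "image/webp"),  # RIFF....WEBP, checked below
)


def sniff_media(body: bytes) -> str:
    """Return a media type guess for the body, or 'unknown'."""
    for sig, mtype in SIGNATURES:
        if body.startswith(sig):
            if mtype == "image/webp" and body[8:12] != b"WEBP":
                continue
            return mtype
    return "unknown"


def parse_entry(data: bytes, offset: int = 0) -> dict:
    """Parse one entry header at `offset`; raise ValueError if it is not one."""
    if len(data) - offset < HEADER.size:
        raise ValueError("buffer too short for a Simple Cache header")
    magic, version, key_len, key_hash = HEADER.unpack_from(data, offset)
    if magic != SIMPLE_MAGIC:
        raise ValueError(f"bad magic 0x{magic:016x} at offset {offset}")
    key_start = offset + HEADER.size
    key = data[key_start:key_start + key_len]
    if len(key) != key_len:
        raise ValueError("truncated key")
    return {
        "version": version,
        "key_hash": key_hash,          # not verified in this example
        "url": key.decode("utf-8", "replace"),
        "body_offset": key_start + key_len,
    }


def carve_entries(blob: bytes) -> list:
    """Scan a blob for entry magics and pair every body with its URL.

    The body is taken to run until the next magic (or end of blob), so in a
    real file it also includes trailing cache metadata; that is acceptable
    for sniffing and for attribution, which is the point here.
    """
    offsets = []
    pos = blob.find(MAGIC_BYTES)
    while pos != -1:
        offsets.append(pos)
        pos = blob.find(MAGIC_BYTES, pos + 1)

    results = []
    for i, off in enumerate(offsets):
        end = offsets[i + 1] if i + 1 < len(offsets) else len(blob)
        try:
            entry = parse_entry(blob, off)
        except ValueError:
            continue  # false positive magic or damaged header
        body = blob[entry["body_offset"]:end]
        results.append({
            "offset": off,
            "url": entry["url"],
            "media": sniff_media(body),
            "body_size": len(body),
        })
    return results


def make_entry(url: str, body: bytes, version: int = 5) -> bytes:
    """Build a constructed entry (key hash left at 0) for the sample below."""
    key = url.encode("utf-8")
    return HEADER.pack(SIMPLE_MAGIC, version, len(key), 0) + key + body


def build_sample_blob() -> bytes:
    """Constructed test data: two entries with junk bytes around them."""
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"
    html = b"<html><body>hello</body></html>"
    return (b"\x00" * 7
            + make_entry("https://example.com/images/photo.jpg", jpeg)
            + b"\xaa" * 5
            + make_entry("https://example.com/index.html", html))


if __name__ == "__main__":
    for hit in carve_entries(build_sample_blob()):
        print(f"{hit['offset']:>6}  {hit['media']:<12} {hit['body_size']:>5}B  {hit['url']}")
```

Run against a real Android Chrome cache directory you would feed each `<hash>_0` file (or a raw image of the directory) to `carve_entries` and keep the URL column in the report; that column is the context the carved image alone does not carry.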

TIL - Just because your code works for you doesn't mean it will work for everyone. Coding is hard work. Coding for Open Source projects requires a lot of extra thought about how the end user will use your code and potentially break your code or wind up with unexpected outcomes from using your code in a way that was unintended.

Don't let this be a discouraging message though, because the success is worth the hard work.

Finally, take a moment to thank those open source developers for all their hard work!

#DFIR #python3 #FOSS

Another new free #DFIR tool! Check out the @hexordia Sysdiagnose Log Toolkit! This includes both the features of our Syslog Monitor Tool to live monitor iOS syslogs - PLUS the convenience of exporting sysdiagnose logs from the device. Learn more in this blog from @Noot https://www.hexordia.com/blog-1-1/introducing-the-hexordia-sysdiagnose-log-toolkit

Today, I am releasing Version 1.0 of Case_Notes.py, a cross-platform (Windows, macOS, & Linux) Python script to help make the case documentation process easier.

Some of the main features:

Easy to install and use.

Lightweight - easy on CPU and memory resources.

Automatic OS detection.

Ability to take selective screenshots for case documentation.

Log file contains note entries prepended with date/time stamps in UTC or local time format.

Case_Notes.py was originally designed to expedite the documentation process of digital forensic examinations. However, this tool could also be used in:

Open Source Intelligence (OSINT) investigations.

Social Media Intelligence (SOCMINT) investigations.

Notes during penetration tests.

Capture the Flag (CTF) events.

General note taking.

And so much more!

The latest version of this tool can be found here:

https://github.com/jgasmussen/Case_Notes.py

In the next blog post, I will be sharing information about setting up and staging a DFIR kit. Stay tuned for more information.

Last but certainly not least, I want to publicly acknowledge Alexis Brignoni (@[email protected]) for his willingness to help me along on my Python journey. He helped review my code and offered his time and talents. He also has a wealth of information on his blog https://abrignoni.blogspot.com. Give him a follow and check out his GitHub page for some other awesome forensic tools, https://github.com/abrignoni.

This is such a big deal for collegiate DFIR programs. Putting the tools into the hands of students is something every digital forensic company should be doing. More hands on training and familiarity with the tools = experience = better job opportunities. Bravo Belkasoft!!! http://bit.ly/3WbhLwl

Things are looking good for the next release of CSIRT-Collect which incorporates the (now free) MAGNET DumpIt for Windows. #DFIR #PowerShell #KAPE #DumpIt
A New Year and a new blog post! Check it out here: https://jgasmussen.blogspot.com/2023/01/dfir-briefly-expained.html

DFIR parsing of protobuf data in Python (YouTube)