Digital Forensics Tips

  One question that I’ve been asked a few times in the past year is if I was aware of a good tool to transcribe text from a video or audio file. AWS has its transcribe API for this, but there is a monthly free limit before it starts charging. There is now a fantastic free option in the form of OpenAI’s Whisper. With the increasing amount of audio and video content being generated and made available online, the ability to quickly and accurately transcribe this content is becoming increasingly important. OpenAI's Whisper audio-to-text capability offers a powerful solution to this problem. Whisper is a deep learning-based model trained on large amounts of data to produce high-quality text transcriptions from audio. It has been specifically designed to transcribe speech in various settings, including noisy environments, and to handle multiple speakers and accents. The model has been trained on a wide range of data, including publicly available audio content, which means that it is

  Recently I wrote a blog post taking a quick look inside the files from some recent malware stealer logs. I got asked (by @Harisfromcyber on Twitter) about the safety precautions one should take when downloading files like this. I thought it was a great question, and I honestly didn’t think I could do it justice in a Twitter thread, so I promised to write a blog post. In this post, I’m not going to focus on using VPNs to manage your attribution but on steps to harden your operating system when downloading and reviewing potentially malicious files. 1: Make sure your software is up to date. This almost seems too obvious to state, but it isn’t. Modern operating systems and web browsers are really good at forcing themselves to update regularly, but what about other software installed on the system? The software you use to play media files, unzip files, etc. can sometimes be outdated. If you have the file extraction software WinRAR on your computer when was the last time it was upd

  Organizations adjust to changing tactics. This includes both legitimate businesses and criminal enterprises. One example is ransomware. Years ago, ransomware was about holding people’s data hostage unless they paid to get it back. While that is, unfortunately, still an effective business model, some businesses got better at protecting their backups and being able to recover their data without paying the ransom. Once this happened more frequently, ransomware operators needed to adjust their tactics slightly. This adjustment was stealing a copy of an organization’s data for themselves and threatening to release it publicly on the dark web if the ransom was not paid. This caused some businesses that could recover their data to pay the ransom still to avoid sensitive data being released publicly. Botnets have been around the internet for a long time. A botnet is where a hacker places malware on many systems to gain control of these systems and use them for various purposes, including d