Digital Forensic Scientist

less than 1 minute read

The logging software Log4j was recently found to have an injection vulnerability that allowed remote code execution (RCE) among other vectors of attack. The vulnerability was interesting because so many software packages use log4j code as a dependency, meaning that all dependent software was also vulnerable.

We briefly discuss the Log4j vulnerability, but then move to the bigger issue that allows these kinds of attacks: software supply chain.

Organizations were scrambling to understand their software supply chain during an incident. Instead, an organization can create a Software Bill of Materials (for free using open source tools) for their systems. Essentially, an inventory of all systems, software, and software dependencies in the organization.

SBOMs greatly assist in detecting vulnerable systems, mitigating risk to infrastructure, and possibly even helping with incident response and digital forensic investigations.

You may also enjoy

iLEAPP and RLEAPP updates and dev thoughts

Alex (@kviddy) has been pushing some extremely useful updates to the open-source Android forensic tool - [ALEAPP](https://github.com/abrignoni/ALEAPP]. Speci...

What data can you find in RAM?

To determine if you need to collect Random Access Memory on-scene, it is useful to know what kinda of investigation-relevant data is often available in RAM.

Modular artifact scripts coming to iLEAPP

kviddy has been pushing some great core updates to ALEAPP. Specifically, artifact scripts are now self-contained. This means that script authors no longer ne...