Posts

Showing posts from June, 2020

What is threat-hunting?

What is threat hunting? Threat hunting is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions; in other words, it is a process for finding the things that are dangerous for an organization before they cause harm. With threat hunting, an organization can be protected from a cyber-attack in advance and damage can be avoided. How can threat hunting help to stop future cyber-attacks? Threat hunting is necessary for any organization. Assume that an attacker installs a threat (ransomware) in a network but does not want to encrypt the whole network right now; he will wait for the perfect moment, then encrypt the network and demand a ransom from the admin. If that organization practises threat hunting, an expert is continuously searching for such threats. Suppose the expert finds the ransomware while it is still dormant. The expert can then easily remove that ransomware and save the org

Log analysis for a web server

What is a log file for a server? Every server keeps some basic details about its clients in a file called a "server log file". It automatically records the client IP address, the time, the HTTP status code and some other details. On a Linux-based server running Apache, these records are stored in /var/log/Apache2/access.log. How do you check a log file? There are two ways to inspect a log file: manual inspection and tool-based inspection. In most cases cyber-security experts prefer manual inspection. How do you apply manual inspection to a log file? First, open the log file with the cat command to inspect it. You will find different kinds of data in that file. There is always a reason why you are applying that inspection: an attack happened on your server, and you are inspecting the log to investigate it. You may find that the data is too lengthy to investigate line by line. To investigate faster, search for words related to that attack. Suppose there is SQL-In

Data Recovery Tools (Disk Drill)

There are many data recovery tools available on the market. Some of them are as follows: Encase, FTK Manager, RAM Capture, X-Ways Forensics, The Sleuth Kit (with Autopsy), Paladin, Disk Drill and Restoration (Windows). Disk Drill is an undeniable leader among data recovery software; it can recover deleted files from your device even if it is failing, unreadable, or has lost a partition. Features: You can recover up to 500 MB of data for free with Disk Drill for Windows. Unlike any other, the app has two important additional data-loss prevention features. The first, Recovery Vault, adds a layer to the Recycle Bin and keeps a backup reference to all deleted files. The second, Guaranteed Recovery, keeps a copy of each file moved to a previously selected folder, for example the Recycle Bin. In addition, Disk Drill allows users to create image files in ISO, IMG or DMG format, which in practice enables the user to conduct the data search on a clone, without ta

What is USB Forensic?

What is USB forensics? Digital forensic analysis of USB devices includes the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources, for the purpose of facilitating or furthering the reconstruction of events found to be criminal. Sometimes it is necessary to check whether a file received on a USB drive is exactly as the sender sent it, because a third party or an attacker may have modified the data. USB forensics is used to address this problem. How do you check the data integrity of a file from a USB drive? An MD5 checksum can be computed for any file, and its value changes whenever the file is modified. Suppose sender A wants to send the file abc.txt to receiver B. Along with abc.txt, the sender can also send the md5sum of that file to receiver B. Then, at the time of receiving the file, receiver B can compute the md5sum of the received abc.txt and compare that sum to the sen