-
-
Recent Posts
- Linux Forensics Workshop
- Investigating USB Drives using Mount Points Not Drive Letters
- No Drive Letter, No USB Evidence? Think Again!
- Howto Setup and use the CuckooVM v2
- Investigating Windows Systems (Book Review)
- Cuckoo VM for Malware Analysis
- Acquiring Linux Memory using AVML and Using it with Volatility
-
Categories
- Academia (20)
- Android (1)
- AntiX (3)
- Apache/Tomcat (8)
- Arabnix (6)
- BackTrack (5)
- Books (17)
- Challenges (1)
- Companies (16)
- Database (23)
- Development (31)
- DFIR (6)
- Exploitation (6)
- Firewalls (20)
- Footprinting (14)
- Forensics (17)
- Fun (29)
- GNU/Linux (101)
- HDFS (1)
- IDS/IPS (4)
- Investigations (5)
- Kernel (23)
- Life (159)
- Linux Security (68)
- Linux Services (37)
- Malware (3)
- Memory (1)
- Metasploit (6)
- Mobile (3)
- Networks (44)
- News (75)
- OSINT (6)
- Patch Management (5)
- PCI Compliance (8)
- PenTest (51)
- Poems (9)
- PortKnocking (10)
- Privacy (4)
- Publications (12)
- Real Madrid (17)
- Research (2)
- Security (82)
- Snippets (33)
- Social Engineering (4)
- Software/Tools (51)
- Sport (79)
- ThreatHunting (3)
- Unix (12)
- Virtualization (23)
- Vulnerability (6)
- Web Security (12)
- Webapp (4)
- WHM/Cpanel (6)
- Windows (13)
- Workshops (1)
- z0ne (16)
Archives
Author Archives: [email protected]
Linux Forensics Workshop
Hello, I’ve been invited by the Saudi Federation for Cyber Security and Programming (SAFCSP) to do a Linux Forensics workshop during their series of Cybersecurity Nights. My session will be next Thursday, May 14th, 2020 at 10:00 PM (KSA time) … Continue reading
Posted in Forensics, Investigations, Workshops
Tagged Forensics, Investigations, Linux, SAFCSP, Workshop
Leave a comment
Investigating USB Drives using Mount Points Not Drive Letters
Yes, another excellent question came up by one of my students: If a user mounts the volume to a mount point, what artifacts could we find for the USB? Starting I think from Windows 8.1 or 10, a user could … Continue reading
Posted in DFIR, Forensics, Investigations, Windows
Tagged DFIR, Forensics, Investigations, registry, Registry Explorer, RegRipper, USB, Windows, Windows and tagged Computer Forensics
Leave a comment
No Drive Letter, No USB Evidence? Think Again!
This post is about a question asked: If the user removes the drive letter to hide the presence of a mounted USB drive, could we still locate that drive in the Windows Registry? Short answer is, YES it will still … Continue reading
Posted in DFIR, Forensics, Investigations, Windows
Tagged Computer Forensics, DFIR, registry, Registry Explorer, RegRipper, USB, Windows
Leave a comment
Howto Setup and use the CuckooVM v2
This post should cover the basics of how to import and run a basic analysis using the Cuckoo VM which could be found here. I’m referring to this VM as CuckooVM version 2, since if you’ve been following, you already … Continue reading
Posted in DFIR, Forensics, Investigations, Malware, Virtualization
Tagged Cuckoo, DFIR, Malware, Malware Analysis, Nested Virtualization, Sandbox, Virtualization
Leave a comment
Investigating Windows Systems (Book Review)
Hello, We have a saying in Arabic “ان تأتي متآخراً، خيراً من أن لا تأتي أبدا” and in English “Better late, than never!”. This is my review to Harlan Carvey‘s last book titled “Investigating Windows Systems” which I should have … Continue reading
Posted in Books, Forensics, Investigations, Windows
Tagged Analysis, Artifacts, DFIR, Investigating, Micro-Timelines, Pivot Points, Review, Skills, Timelines, Windows
Comments Off on Investigating Windows Systems (Book Review)
