Author Archives: [email protected]

About [email protected]

[Between Teams of Red and Blue, I'm with the Purple Team]

Investigating Windows Systems (Book Review)

Hello, We have a saying in Arabic “ان تأتي متآخراً، خيراً من أن لا تأتي أبدا” and in English “Better late, than never!”. This is my review to Harlan Carvey‘s last book titled “Investigating Windows Systems” which I should have … Continue reading

Posted in Books, Forensics, Investigations, Windows | Tagged , , , , , , , , , | Comments Off on Investigating Windows Systems (Book Review)

Cuckoo VM for Malware Analysis

Cuckoo VM prepared for Malware Analysis Continue reading

Posted in Forensics, Malware, Research, ThreatHunting, Virtualization | Tagged , , , , , | Comments Off on Cuckoo VM for Malware Analysis

Acquiring Linux Memory using AVML and Using it with Volatility

This is another quick post going over the process to acquire memory from a Linux system, but instead of using LiME, I’m going to use AVML which stands for Acquire Volatile Memory for Linux, and could be found here. The … Continue reading

Posted in DFIR, Forensics, Memory, Software/Tools | Tagged , , , , , , , | Comments Off on Acquiring Linux Memory using AVML and Using it with Volatility

Forensic Acquisitions over Netcat

In the past I used to write here what I did so I do not forget, so I’ll try to get back to that habit again :) These days whenever I find time, I’m playing with TSURUGI, which is a … Continue reading

Posted in DFIR, GNU/Linux | Tagged , , , , , , , , , | Comments Off on Forensic Acquisitions over Netcat

Windows InstallTime vs InstallDate Registry Values

This is just a quick post about two Registry Values InstallTime and InstallDate which are found under the following key: SOFTWARE\Microsoft\Windows NT\CurrentVersion The confusion happens when my students ask which one is correct?

Posted in Forensics, Windows | Tagged , , , , , , | Comments Off on Windows InstallTime vs InstallDate Registry Values