Author Archives: [email protected]

About [email protected]

[Between Teams of Red and Blue, I'm with the Purple Team]

Cuckoo VM for Malware Analysis

Cuckoo VM prepared for Malware Analysis Continue reading

Posted in Forensics, Malware, Research, ThreatHunting, Virtualization | Tagged , , , , , | Comments Off on Cuckoo VM for Malware Analysis

Acquiring Linux Memory using AVML and Using it with Volatility

This is another quick post going over the process to acquire memory from a Linux system, but instead of using LiME, I’m going to use AVML which stands for Acquire Volatile Memory for Linux, and could be found here. The … Continue reading

Posted in DFIR, Forensics, Memory, Software/Tools | Tagged , , , , , , , | Comments Off on Acquiring Linux Memory using AVML and Using it with Volatility

Forensic Acquisitions over Netcat

In the past I used to write here what I did so I do not forget, so I’ll try to get back to that habit again :) These days whenever I find time, I’m playing with TSURUGI, which is a … Continue reading

Posted in DFIR, GNU/Linux | Tagged , , , , , , , , , | Comments Off on Forensic Acquisitions over Netcat

Windows InstallTime vs InstallDate Registry Values

This is just a quick post about two Registry Values InstallTime and InstallDate which are found under the following key: SOFTWARE\Microsoft\Windows NT\CurrentVersion The confusion happens when my students ask which one is correct?

Posted in Forensics, Windows | Tagged , , , , , , | Comments Off on Windows InstallTime vs InstallDate Registry Values

Update: Hidden Prefetch Files Detection using New PECmd

Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading

Posted in AntiX, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Update: Hidden Prefetch Files Detection using New PECmd