Category Archives: DFIR

Speaking at NCCC 2024

Next week, I will be speaking at the National Cyber Crime Conference 2024 for the second year in a row. This year Dr. Mariam Khader and myself will be running 4 different investigation workshops, mostly focusing on malware analysis with … Continue reading

Posted in Conferences, Cyber 5W, DFIR, Forensics, Investigations, Malware, Research, Workshops | Tagged , , , , , , , | Leave a comment

C5W Certified Malware Analyst (Friday Giveway) #1

Last week’s Friday Giveway was the C5W Certified Malware Analysis Course that can be found here. This is an amazing course for those interested in doing Malware Analysis and it has over 45 hands-on labs. These are instructional and guided … Continue reading

Posted in C5W, DFIR, Life, Malware | Tagged , , | Leave a comment

Malware Tools, Tips and Tricks

In the past, I used to maintain a Google Doc with all the tools I use or recommend for my students to use for Malware Analysis. A couple of days ago, while doing a Malware Analysis workshop for NW3C, I … Continue reading

Posted in Academia, AntiX, DFIR, Investigations, Malware, Research, Software/Tools | Tagged , , , | Leave a comment

Windows Sandbox Scripts

Windows Sandbox is an amazing Windows feature that could be used for Malware Analysis. In order to install it you’ll need to follow this blog post here by Microsoft.

Posted in DFIR, Investigations, Malware, Research, Security, Software/Tools, ThreatHunting, Virtualization, Windows | Tagged , , | Leave a comment

Memory Forensics – RansomCare Investigation Case 1

In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code, dump it. and explain what happened to … Continue reading

Posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , , , | Comments Off on Memory Forensics – RansomCare Investigation Case 1