Category Archives: Investigations

Speaking at NCCC 2024

Next week, I will be speaking at the National Cyber Crime Conference 2024 for the second year in a row. This year Dr. Mariam Khader and myself will be running 4 different investigation workshops, mostly focusing on malware analysis with … Continue reading

Posted in Conferences, Cyber 5W, DFIR, Forensics, Investigations, Malware, Research, Workshops | Tagged , , , , , , , | Leave a comment

Malware Tools, Tips and Tricks

In the past, I used to maintain a Google Doc with all the tools I use or recommend for my students to use for Malware Analysis. A couple of days ago, while doing a Malware Analysis workshop for NW3C, I … Continue reading

Posted in Academia, AntiX, DFIR, Investigations, Malware, Research, Software/Tools | Tagged , , , | Leave a comment

Windows Sandbox Scripts

Windows Sandbox is an amazing Windows feature that could be used for Malware Analysis. In order to install it you’ll need to follow this blog post here by Microsoft.

Posted in DFIR, Investigations, Malware, Research, Security, Software/Tools, ThreatHunting, Virtualization, Windows | Tagged , , | Leave a comment

GOADv2 in a VM

Hello, I finally was able to play with the GOAD v2 project and configure it to run within a single VM using nested Virtualization. From the developer of the project “GOAD is a pentest active directory LAB project. The purpose … Continue reading

Posted in Exploitation, Investigations, PenTest, Research, Virtualization, Vulnerability, Windows | Tagged , , , , | Leave a comment

Memory Forensics – RansomCare Investigation Case 1

In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code, dump it. and explain what happened to … Continue reading

Posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , , , | Comments Off on Memory Forensics – RansomCare Investigation Case 1