Category Archives: Investigations

Memory Forensics – RansomCare Investigation Case 1

In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code, dump it. and explain what happened to … Continue reading

Posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , , , | Leave a comment

Challenge #9 – Encrypt Them All Case

In this case you are required to decrypt all the data and files that have been encrypted using different crypto methods. E01 for the drive could be found: here #1: Lost in Space: We noticed that the whole communication started … Continue reading

Posted in Anti-Forensics, Challenges, DFIR, Forensics, Investigations, Windows | Tagged , , , , , , | Leave a comment

Challenge #8 – NTFS File System Case

In this case you are required to find all the data and files that have been hidden using some of the NTFS file system capabilities. – E01 for the drive could be found: here – There are 5 hidden things … Continue reading

Posted in Challenges, DFIR, File Systems, Forensics, Investigations, Windows | Tagged , , , , , , , | Leave a comment

Challenge #7 – SysInternals Case

The user downloaded what they thought was the SysInternals tool suite, double-clicked it, but the tools did not open and were not accessible. Since that time, the user has noticed that the system has “slowed down” and become less and … Continue reading

Posted in Challenges, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , | Leave a comment

Linux Forensics Workshop

Hello, I’ve been invited by the Saudi Federation for Cyber Security and Programming (SAFCSP) to do a Linux Forensics workshop during their series of Cybersecurity Nights. My session will be next Thursday, May 14th, 2020 at 10:00 PM (KSA time) … Continue reading

Posted in Forensics, Investigations, Workshops | Tagged , , , , | Comments Off on Linux Forensics Workshop