Category Archives: Malware

Memory Forensics – RansomCare Investigation Case 1

In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code, dump it. and explain what happened to … Continue reading

Posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , , , | Comments Off on Memory Forensics – RansomCare Investigation Case 1

Challenge #7 – SysInternals Case

The user downloaded what they thought was the SysInternals tool suite, double-clicked it, but the tools did not open and were not accessible. Since that time, the user has noticed that the system has “slowed down” and become less and … Continue reading

Posted in Challenges, DFIR, Forensics, Investigations, Malware | Tagged , , , , , , | Comments Off on Challenge #7 – SysInternals Case

Howto Setup and use the CuckooVM v2

This post should cover the basics of how to import and run a basic analysis using the Cuckoo VM which could be found here. I’m referring to this VM as CuckooVM version 2, since if you’ve been following, you already … Continue reading

Posted in DFIR, Forensics, Investigations, Malware, Virtualization | Tagged , , , , , , | Comments Off on Howto Setup and use the CuckooVM v2

Cuckoo VM for Malware Analysis

Cuckoo VM prepared for Malware Analysis Continue reading

Posted in Forensics, Malware, Research, ThreatHunting, Virtualization | Tagged , , , , , | Comments Off on Cuckoo VM for Malware Analysis

Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

One of my current students asked if using Stealth Alternate Data Streams (ADS), could bypass AVs? Therefore, I wanted to prove that for the student by doing a simple experiment. What was done is the following: 1. Turned off Windows … Continue reading

Posted in AntiX, Forensics, Malware, Metasploit, Windows | Tagged , , , , , , | Comments Off on Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS