-
Recent Posts
Categories
- Academia (20)
- Android (1)
- Anti-Forensics (2)
- AntiX (3)
- Apache/Tomcat (8)
- Arabnix (6)
- BackTrack (5)
- Books (17)
- Challenges (5)
- Companies (16)
- Cyber 5W (1)
- Database (23)
- Development (31)
- DFIR (10)
- Exploitation (7)
- File Systems (1)
- Firewalls (20)
- Footprinting (14)
- Forensics (21)
- Fun (28)
- GNU/Linux (101)
- HDFS (1)
- IDS/IPS (4)
- Investigations (9)
- Kernel (24)
- Life (160)
- Linux Security (68)
- Linux Services (37)
- Malware (5)
- Memory (1)
- Metasploit (6)
- Mobile (3)
- Networks (44)
- News (75)
- OSINT (6)
- Patch Management (5)
- PCI Compliance (8)
- PenTest (51)
- Poems (9)
- PortKnocking (10)
- Privacy (4)
- Publications (12)
- Real Madrid (17)
- Research (2)
- Security (83)
- Snippets (33)
- Social Engineering (4)
- Software/Tools (51)
- Sport (78)
- ThreatHunting (3)
- Unix (12)
- Virtualization (25)
- Vulnerability (6)
- Web Security (12)
- Webapp (4)
- WHM/Cpanel (6)
- Windows (17)
- Workshops (1)
- z0ne (16)
Archives
Category Archives: Windows
No Drive Letter, No USB Evidence? Think Again!
This post is about a question asked: If the user removes the drive letter to hide the presence of a mounted USB drive, could we still locate that drive in the Windows Registry? Short answer is, YES it will still … Continue reading
Posted in DFIR, Forensics, Investigations, Windows
Tagged Computer Forensics, DFIR, registry, Registry Explorer, RegRipper, USB, Windows
Comments Off on No Drive Letter, No USB Evidence? Think Again!
Investigating Windows Systems (Book Review)
Hello, We have a saying in Arabic “ان تأتي متآخراً، خيراً من أن لا تأتي أبدا” and in English “Better late, than never!”. This is my review to Harlan Carvey‘s last book titled “Investigating Windows Systems” which I should have … Continue reading
Posted in Books, Forensics, Investigations, Windows
Tagged Analysis, Artifacts, DFIR, Investigating, Micro-Timelines, Pivot Points, Review, Skills, Timelines, Windows
Comments Off on Investigating Windows Systems (Book Review)
Update: Hidden Prefetch Files Detection using New PECmd
Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading
Posted in AntiX, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Update: Hidden Prefetch Files Detection using New PECmd
Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis
While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading
Posted in AntiX, Forensics, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis