Tag Archives: Forensics

Linux Forensics Workshop

Hello, I’ve been invited by the Saudi Federation for Cyber Security and Programming (SAFCSP) to do a Linux Forensics workshop during their series of Cybersecurity Nights. My session will be next Thursday, May 14th, 2020 at 10:00 PM (KSA time) … Continue reading

Posted in Forensics, Investigations, Workshops | Tagged , , , , | Leave a comment

Investigating USB Drives using Mount Points Not Drive Letters

Yes, another excellent question came up by one of my students: If a user mounts the volume to a mount point, what artifacts could we find for the USB? Starting I think from Windows 8.1 or 10, a user could … Continue reading

Posted in DFIR, Forensics, Investigations, Windows | Tagged , , , , , , , , | Leave a comment

Acquiring Linux Memory using AVML and Using it with Volatility

This is another quick post going over the process to acquire memory from a Linux system, but instead of using LiME, I’m going to use AVML which stands for Acquire Volatile Memory for Linux, and could be found here. The … Continue reading

Posted in DFIR, Forensics, Memory, Software/Tools | Tagged , , , , , , , | Comments Off on Acquiring Linux Memory using AVML and Using it with Volatility

Forensic Analysis: Creating User GUI vs CLI

Hello, This is my first forensic analysis post in English; as I’m sure you noticed by now that all of it is in Arabic; so excuse me for my bad English :) The whole idea came out when @azeemnow asked … Continue reading

Posted in Forensics, Windows | Tagged , , , , , | Comments Off on Forensic Analysis: Creating User GUI vs CLI

Network Forensics Challenge 1

كالعادة، الغياب عن هذا المكان أصبح شيء روتيني :) على كل حال … قمنا بوضع تحدي على موقع مجتمع الحماية العربي يمكنكم الوصول له من هنا … الى هذه اللحظة لم يقم بحل التحدي سوى شخصين، أحداهم هي طالبتي والثاني … Continue reading

Posted in Academia, Forensics, Networks | Tagged , , , | Comments Off on Network Forensics Challenge 1