Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything

Recently I’ve already written about Cobalt Strike detection during forensics analysis. However, some followers asked my if it was possibile to perform this activities using Volatility, in order to integrate them in existing analysis workflows.

Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2.

Sometimes, during an incident analysis, you may need to replicate behaviours of a specific host, perhaps already acquired with a forensic method.

During a forensic analysis on mobile devices, especially when you are not able to perform a full memory acquisition, a network traffic analysis could be useful in order to identify suspicious activities.

Today I’d like to share a brief list of useful tools I use for OSX analysis.

In order to expand the address space that is effectively usable by a process and to expand the amount of dynamic RAM, modern operating systems use the method known as swapping.

A simple step-to-step tutorial for iOS full acquisition.

A brief update on Cobalt Strike detection in forensics analysis, with a couple of new resources.

FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF).

In my previous posts I often covered many tools and techniques that allows memory acquisition from a Windows system. However, I written few articles about Linux memory acquisition and analysis, only one brief post regarding memory profiles generation on Linux, using LiME.