When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.
Category: Dfir
OS X forensic acquisition: a basic workflow
OS X is, in effect, a *nix based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems.Today I’d like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before 10.11 (El Capitan) or any OSX version with SIP disabled.
Forensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
How to retrieve hard disk information and properties with WMIC and lsblk
A couple of very brief tip, useful during a forensic acquisition.
CVE-2019-1132: a Windows Zero-Day exploited by Buhtrap Group in espionage campaigns
According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.