Some weeks ago I’ve already written about information gathering on OSX systems, related to the forensic investigation process.
Category: Dfir
Some thoughts about Windows 10 “Timeline” forensics artifacts
Today i’ll talk you briefly about the Windows 10 “Timeline“: a feature that can come in handy during a forensic analysis. How to access it and how to analyze it?
Also Node.js has been used to perform a Living off the Land (LotL) attack
Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.
Windows Forensics: analysis of Recycle bin artifacts
The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system: a valuable source of evidence for an examiner.
PEpper: a python script to perform malware static analysis on Portable Executable format
A useful tool: fast and easy to use.