In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomena of computer memory remanence.
That paper has confirmed what had long been theorized by computer security practitioners: the volatile memory of computer systems is less volatile than expected.

During an incident response, a fast analysis could be required, often on systems that aren’t the workstation usually used by the analyst.
So, I always suggest to create a small and simple toolkit that can be copied on a USB stick.

The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.

iOS forensic is quite complex: in many cases, jailbreaking is the only way to gather all most information available in iOS devices.

In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase.

Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify.

Some weeks ago I’ve already written about information gathering on OSX systems, related to the forensic investigation process.

Today i’ll talk you briefly about the Windows 10 “Timeline“: a feature that can come in handy during a forensic analysis.
How to access it and how to analyze it?

Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.

The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system: a valuable source of evidence for an examiner.