In my previous posts I often covered many tools and techniques that allows memory acquisition from a Windows system. However, I written few articles about Linux memory acquisition and analysis, only one brief post regarding memory profiles generation on Linux, using LiME.

Cobalt Strike was born as a penetration testing tool, useful for Red Teaming activities.

Data extraction, data acquisition, data analysis? Let’s try to make it a little clearer!

Sysdiagnose logs allow developers to extract information from iOS devices, and it is used for understanding bug occurrences.
However, this log is also useful for forensic purposes when a full device acquisition is not possible/available.

In order to perform a correct forensic analysis on a Apple device, a basic knowledge of storage, file allocation methods relevant files paths is always required.

I’ve already written about DLL Hijacking, but today I’d like to share a really interesting research by Wietze Beukema.

I read an interesting article that I’d like to share with you today.
A post on Elcomsoft blog by James Duffy, titled “Demystifying iOS Data Security”.

LinuxCheck is a small bash script for information collection, useful for emergency response on Debian and Centos systems.

Recently I had to perform a forensic investigation on a server that had made some strange Remote Desktop activities.
In that case, the analysis of windows events has turned out really useful.

Vladimir Katalov published, on ElcomSoft‘s blog, a good post about forensic acquisition techniques for iOS devices.