Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything


How to sort and organize files recovered by PhotoRec

During a forensic analysis, but also during simpler tasks (like helping a friend recover deleted files), it is useful to have a trusted tool for file carving and data recovery.

Continue…
  • Dfir
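The organizing step the post title refers to, as an added example that is not code from the original post: a Python script that copies PhotoRec's `recup_dir.N` output into per-extension folders, hashing each file so exact duplicates are skipped and working on copies so the carved originals stay untouched. The directory layout and the sample file contents built by `build_sample_recovery` are constructed for this demo and are not real PhotoRec output.

```python
"""Sort PhotoRec output (recup_dir.N/fNNNNNNN.ext) into per-extension folders.

Added example; the recovery tree below is constructed, not real carved data.
"""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large carved files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sort_photorec_output(recovery_root, dest_root):
    """Copy every file under recovery_root/recup_dir.* into dest_root/<ext>/.

    Files are copied (never moved) so the carved originals are preserved,
    exact duplicates (same SHA-256) are skipped, and the extension is
    normalised to lowercase; files with no extension go to dest_root/noext/.
    Returns ({ext: number_of_files_placed}, number_of_duplicates_skipped).
    """
    recovery_root = Path(recovery_root)
    dest_root = Path(dest_root)
    seen_hashes = set()
    placed = {}
    duplicates = 0

    # PhotoRec numbers its output directories recup_dir.1, recup_dir.2, ...
    for recup in sorted(recovery_root.glob("recup_dir.*")):
        if not recup.is_dir():
            continue
        for carved in sorted(recup.iterdir()):
            if not carved.is_file():
                continue
            digest = sha256_file(carved)
            if digest in seen_hashes:
                duplicates += 1
                continue
            seen_hashes.add(digest)

            ext = carved.suffix.lower().lstrip(".") or "noext"
            target_dir = dest_root / ext
            target_dir.mkdir(parents=True, exist_ok=True)
            # Prefix with the recup_dir name: PhotoRec file names are only
            # unique within one recup_dir, so this avoids collisions.
            target = target_dir / f"{recup.name}_{carved.name}"
            shutil.copy2(carved, target)  # copy2 keeps timestamps as well
            placed[ext] = placed.get(ext, 0) + 1

    return placed, duplicates


def build_sample_recovery(root):
    """Create a constructed PhotoRec-like tree for the demo (not real output)."""
    root = Path(root)
    jpeg_a = b"\xff\xd8\xff\xe0" + b"A" * 16
    jpeg_b = b"\xff\xd8\xff\xe1" + b"B" * 16
    files = {
        "recup_dir.1/f0000001.jpg": jpeg_a,
        "recup_dir.1/f0000002.pdf": b"%PDF-1.4 constructed sample",
        "recup_dir.1/f0000003": b"carved blob with no extension",
        "recup_dir.2/f0000004.jpg": jpeg_b,
        "recup_dir.2/f0000005.JPG": jpeg_a,  # exact duplicate of f0000001.jpg
    }
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(content)
    (root / "photorec.ses").write_bytes(b"session file, not a recup_dir")


def run_demo():
    """Build the sample tree, sort it, and return (placed, duplicates)."""
    with tempfile.TemporaryDirectory() as tmp:
        recovery = Path(tmp) / "recovery"
        sorted_out = Path(tmp) / "sorted"
        build_sample_recovery(recovery)
        placed, duplicates = sort_photorec_output(recovery, sorted_out)
        # The duplicate and the session file must not have been copied.
        assert not (sorted_out / "jpg" / "recup_dir.2_f0000005.JPG").exists()
        assert not list(sorted_out.rglob("photorec.ses"))
        return placed, duplicates


if __name__ == "__main__":
    print(run_demo())
```

Hashing before copying also gives you the per-file SHA-256 you will want in a chain-of-custody log; extend `sort_photorec_output` to write `digest` alongside `target` if you need that record.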

Android Triage: a really useful forensic tool by Mattia Epifani

Most forensic acquisition activities on an Android device can be accomplished using ADB (Android Debug Bridge).
However, many commands are required: luckily, the forensic expert Mattia Epifani created a bash script that automates many of the operations needed to collect device information.

Continue…
  • Dfir
  • Forensics

Didier Stevens: finding Metasploit & Cobalt Strike URLs

An interesting article and video lesson by security researcher Didier Stevens.

Continue…
  • Malware Analysis

How to perform a digital forensic analysis using only free tools

Currently there are many good commercial forensics tools that can be used to perform a whole DFIR workflow. However, many analysts and companies cannot afford to purchase those (awesome) tools.

Continue…
  • Dfir

Windows registry Transaction Logs in forensic analysis

During forensic analysis, Windows registry data can be useful to discover malicious activity and to determine whether, and which, data may have been stolen from a network.

Continue…
  • Dfir

Karsten Hahn: fileless Ursnif/Gozi static analysis and unpacking

The malware analyst Karsten Hahn recently published a very interesting video about the analysis of a sample of the well-known malware Ursnif.

Continue…
  • Malware Analysis
  • Technology

How to detect Cobalt Strike Beacons using Volatility

Recently I’ve already written about Cobalt Strike detection during forensic analysis. However, some followers asked me if it was possible to perform these activities using Volatility, in order to integrate them into existing analysis workflows.

Continue…
  • Dfir

How to process recent Windows 10 memory dumps in Volatility 2

Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2.

Continue…
  • Dfir
  • Technology
  • Volatility

How to boot an Encase (E01) image using VirtualBox

Sometimes, during an incident analysis, you may need to replicate the behaviour of a specific host, perhaps one that has already been acquired with a forensic method.

Continue…
  • Dfir
  • Forensics

Mobile forensics: how to identify suspicious network traffic

During a forensic analysis on mobile devices, especially when you are not able to perform a full memory acquisition, network traffic analysis can be useful for identifying suspicious activities.

Continue…
  • Dfir
  • Forensics