In an interesting article, editors at Privacy International examine some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase. Continue reading “Some thoughts about smartphones data extraction”
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, makes it necessary to use a forensic tool able to read compressed memory pages. Continue reading “Forensic analysis of Windows 10 compressed memory using Volatility”
A couple of very brief tips, useful during a forensic acquisition. Continue reading “How to retrieve hard disk information and properties with WMIC and lsblk”
I just recently had to perform a forensic analysis on a compromised Microsoft Azure VM, and I’d like to share a couple of useful tips. Continue reading “How to mount a Azure’s VHD disk image on Linux”
Microsoft Windows uses a paging file, called pagefile.sys, to store page-size blocks of memory that do not currently fit into physical memory.
This file, stored in %SystemDrive%\pagefile.sys, is a hidden system file and it can never be read or accessed by a user, including Administrator.