PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.
PE-sieve, a command line tool for investigating inline hooks
Posted on
Category: Forensics
Forensic logical acquisition of Android devices using adb backup
Posted on
In digital forensics, the term logical extraction is typically used to refer to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogously to copying and pasting a folder in order to extract data from a system. So, this process will only copy files that the…
Forensic disk images of a Windows system: my own workflow
Posted on
Every forensic analyst, during his experience, perfects his own workflow for the acquisition of forensic images. Today I want to propose my own workflow for acquisition of physical disks on Microsoft Windows systems
Sysinternals ProcDump porting for Linux
Posted on
Microsoft has released, on its GitHub repository, an interesting Linux porting of ProcDump from Sysinternals suite.
How to recover a broken FAT filesystem using FatCat
Posted on
FatCat is a tool designed to manipulate FAT filesystems, in order to explore, extract, repair, recover and forensic them.