Malware hiding and evasion techniques

Malware authors have always looked for new techniques to stay invisible.
This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis.


PE-sieve, a command line tool for investigating inline hooks

PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.


Forensic logical acquisition of Android devices using adb backup

In digital forensics, the term logical extraction typically refers to an extraction that does not recover deleted data and does not produce a full bit-by-bit copy of the evidence; it is analogous to copying and pasting a folder in order to extract data from a system.

This process therefore only copies files that the user can access and see: any hidden or deleted files present in the folder being copied will not appear in the pasted version of the folder.
