Forensics | So Long, and Thanks for All the Fish

Permanently delete files in Windows using built-in utilities

Posted on April 10, 2019February 18, 2019 by Andrea Fortuna

A good wiping tool is available in all Windows systems since Windows 2000

Malware hiding and evasion techniques

Posted on February 12, 2018February 6, 2018 by Andrea Fortuna

Malware authors have always looked for new techniques to stay invisible.
This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis.

Continue reading “Malware hiding and evasion techniques”

USB Devices in Windows Forensic Analysis

Posted on February 9, 2018April 3, 2018 by Andrea Fortuna

Parsing SetupAPI log for fun and profit!

Continue reading “USB Devices in Windows Forensic Analysis”

PE-sieve, a command line tool for investigating inline hooks

Posted on January 15, 2018January 8, 2018 by Andrea Fortuna

PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.

Continue reading “PE-sieve, a command line tool for investigating inline hooks”

Forensic logical acquisition of Android devices using adb backup

Posted on December 29, 2017December 24, 2017 by Andrea Fortuna

In digital forensics, the term logical extraction is typically used to refer to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogously to copying and pasting a folder in order to extract data from a system.

So, this process will only copy files that the user can access and see: if any hidden or deleted files are present in the folder being copied, they will not be in the pasted version of the folder.

Continue reading “Forensic logical acquisition of Android devices using adb backup”