Linux Forensics: Memory Capture and Analysis
In my previous posts I often covered many tools and techniques that allows memory acquisition from a Windows system. However, I written few articles about Linux memory acquisition and analysis, only one brief post regarding memory profiles generation on Linux, using LiME.
Continue…How to extract sysdiagnose logs for forensic purposes on iOS
Sysdiagnose logs allow developers to extract information from iOS devices, and it is used for understanding bug occurrences.
However, this log is also useful for forensic purposes when a full device acquisition is not possible/available.
James Duffy: Demystifying iOS Data Security
I read an interesting article that I’d like to share with you today.
A post on Elcomsoft blog by James Duffy, titled “Demystifying iOS Data Security”.
Some thoughts about smartphones data extraction
In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase.
Continue…Forensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
Continue…How to retrieve hard disk information and properties with WMIC and lsblk
A couple of very brief tip, useful during a forensic acquisition.
Continue…How to mount a Azure’s VHD disk image on Linux
I just recently to perform a forensic analysis on a compromised Microsoft Azure VM, and I’d like to share a couple of useful tips.
Continue…How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses a paging file, called pagefile.sys, to store page-size blocks of memory that do not current fit into physical memory.
This file, stored in %SystemDrive%\pagefile.sys is a hidden system file and it can never be read or accessed by a user, including Administrator.