Microsoft has released, on its GitHub repository, an interesting Linux port of ProcDump from the Sysinternals suite.
FatCat is a tool designed to manipulate FAT filesystems in order to explore, extract, repair, recover and perform forensics on them.
Santoku is a bootable Linux distribution focused on mobile forensics, analysis, and security. It comes with pre-installed platform SDKs, drivers and utilities and allows auto-detection and setup of newly connected mobile devices. Santoku Linux is a free and open community project sponsored by NowSecure, who provide core team members and some tools for inclusion in the […]
About Volatility I have written a lot of tutorials; now let's try to use this information in a real context, extracting the password hashes from a Windows memory dump in 4 simple steps. 1. Identify the memory profile First, we need to identify the correct profile of the system: root@Lucille:~# volatility imageinfo -f test.elf Volatility […]
On Windows systems, event logs contain a lot of useful information about the system and its users.