CobaltStrikeScan: identify Cobalt Strike beacons in process memory
Cobalt Strike was born as a penetration testing tool, useful for Red Teaming activities.
Data extraction, data acquisition, data analysis? Let's try to make it a little clearer!
Sysdiagnose logs allow developers to extract information from iOS devices, and they are used to understand bug occurrences.
However, these logs are also useful for forensic purposes when a full device acquisition is not possible or available.
In order to perform a correct forensic analysis on an Apple device, a basic knowledge of storage, file allocation methods and relevant file paths is always required.
I've already written about DLL Hijacking, but today I'd like to share a really interesting piece of research by Wietze Beukema.
I read an interesting article that I'd like to share with you today.
A post on the Elcomsoft blog by James Duffy, titled "Demystifying iOS Data Security".
LinuxCheck is a small bash script for information collection, useful for emergency response on Debian and CentOS systems.
Recently I had to perform a forensic investigation on a server that showed some strange Remote Desktop activity.
In that case, the analysis of Windows events turned out to be really useful.
Vladimir Katalov published, on ElcomSoft's blog, a good post about forensic acquisition techniques for iOS devices.
In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomenon of computer memory remanence.
That paper confirmed what had long been theorized by computer security practitioners: the volatile memory of computer systems is less volatile than expected.