When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.
Continue reading
Category: Dfir
OS X forensic acquisition: a basic workflow
OS X is, in effect, a *nix based system. Therefore the forensic image acquisition processes are very similar to those used on Linux systems.Today I’d like to share my personal acquisition workflow for Apple Mac …
Continue reading
Forensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
Continue reading
How to retrieve hard disk information and properties with WMIC and lsblk
A couple of very brief tip, useful during a forensic acquisition.
Continue reading
CVE-2019-1132: a Windows Zero-Day exploited by Buhtrap Group in espionage campaigns
According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.
Continue reading