Today i’ll talk you briefly about the Windows 10 “Timeline“: a feature that can come in handy during a forensic analysis.
How to access it and how to analyze it?
Category: Dfir
Also Node.js has been used to perform a Living off the Land (LotL) attack
Researchers from Cisco Talos recently discovered a new malware loader being used to deliver and infect systems using NodeJS as well as the legitimate open-source utility WinDivert.
Continue reading “Also Node.js has been used to perform a Living off the Land (LotL) attack”Windows Forensics: analysis of Recycle bin artifacts
The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system: a valuable source of evidence for an examiner.
Continue reading “Windows Forensics: analysis of Recycle bin artifacts”PEpper: a python script to perform malware static analysis on Portable Executable format
A useful tool: fast and easy to use.
Continue reading “PEpper: a python script to perform malware static analysis on Portable Executable format”How to generate a Volatility profile for a Linux system
When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.
Continue reading “How to generate a Volatility profile for a Linux system”