The Windows Recycle Bin contains files that have been deleted by the user, but not yet purged from the system: a valuable source of evidence for an examiner.

A useful tool: fast and easy to use.

When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.

OS X is, in effect, a *nix based system.
Therefore the forensic image acquisition processes are very similar to those used on Linux systems.
Today I’d like to share my personal acquisition workflow for Apple Mac systems, suitable for OSX before 10.11 (El Capitan) or any OSX version with SIP disabled.

Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.

A couple of very brief tip, useful during a forensic acquisition.

According to experts at ESET, the Windows zero-day vulnerability CVE-2019-1132 was exploited by the Buhtrap threat group in a targeted attack aimed at a government organization in Eastern Europe.

Malware researchers from Kaspersky have discovered new and improved versions of the FinFisher spyware, able o infect both Android and iOS devices.

According to the experts, the new versions have been active at least since 2018, one of the samples analyzed was used last month in Myanmar, where local government is accused of violating human rights.

According to security firm Check Point, a newly discovered Android malware that replaces portions of apps with its own code has infected more than 25 million devices.

Yes, the answer is 42! :-)