Today I'll tell you briefly about the Windows 10 “Timeline”: a feature that can come in handy during a forensic analysis. How do you access it, and how do you analyze it?
Continue reading “Some thoughts about Windows 10 “Timeline” forensics artifacts”
Researchers from Cisco Talos recently discovered a new malware loader that relies on Node.js, together with the legitimate open-source utility WinDivert, to deliver its payload and infect systems.
Continue reading “Also Node.js has been used to perform a Living off the Land (LotL) attack”
The Windows Recycle Bin holds files the user has deleted but that have not yet been purged from the system, which makes it a valuable source of evidence for an examiner.
Continue reading “Windows Forensics: analysis of Recycle bin artifacts”
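To show what evidence a Recycle Bin entry actually carries, here is a small parser for the `$I` metadata records that Windows (Vista and later) writes next to each deleted file's `$R` content file. This is an added example written for this post, not code from the original article; the record layout it decodes is the documented `$I` format (8-byte version, 8-byte original size, 8-byte FILETIME deletion timestamp, then the original path, fixed 520-byte field in version 1 and length-prefixed in version 2). The sample records are constructed in the script itself with the `build_dollar_i` helper, so nothing here comes from a real system.

```python
"""Parse Windows Recycle Bin $I metadata records (Vista and later).

Layout (little-endian):
  0x00  8 bytes  version: 1 = Vista .. 8.1, 2 = Windows 10 and later
  0x08  8 bytes  original file size in bytes
  0x10  8 bytes  deletion time as FILETIME (100 ns ticks since 1601-01-01 UTC)
  0x18  v1: 520 bytes  original path, UTF-16LE, NUL padded (MAX_PATH = 260 units)
        v2: 4 bytes    path length in UTF-16 code units, including the NUL
        0x1C           original path, UTF-16LE
The deleted content itself lives in the sibling $R file with the same suffix.
"""
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
V1_PATH_FIELD = 520  # MAX_PATH (260) UTF-16 code units


def filetime_to_datetime(ft: int) -> datetime:
    """FILETIME (100 ns ticks) -> aware UTC datetime (microsecond resolution)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt: datetime) -> int:
    """Aware datetime -> FILETIME ticks; used only to build constructed samples."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


@dataclass
class RecycleBinRecord:
    version: int
    original_size: int
    deleted_at: datetime
    original_path: str


def parse_dollar_i(data: bytes) -> RecycleBinRecord:
    """Decode one $I record, validating the version and the path field length."""
    if len(data) < 24:
        raise ValueError("too short for a $I header")
    version, size, ft = struct.unpack_from("<QQQ", data, 0)
    if version == 1:
        raw = data[24:24 + V1_PATH_FIELD]
        if len(raw) < V1_PATH_FIELD:
            raise ValueError("truncated v1 path field")
        path = raw.decode("utf-16-le").split("\x00", 1)[0]
    elif version == 2:
        (nchars,) = struct.unpack_from("<I", data, 24)
        raw = data[28:28 + nchars * 2]
        if len(raw) < nchars * 2:
            raise ValueError("truncated v2 path field")
        path = raw.decode("utf-16-le").rstrip("\x00")
    else:
        raise ValueError(f"unknown $I version {version}")
    return RecycleBinRecord(version, size, filetime_to_datetime(ft), path)


def matching_r_name(i_name: str) -> str:
    """$I<suffix> -> $R<suffix>: the file holding the deleted content."""
    if not i_name.startswith("$I"):
        raise ValueError("not a $I file name")
    return "$R" + i_name[2:]


def build_dollar_i(version: int, size: int, deleted_at: datetime, path: str) -> bytes:
    """Build a $I record. Constructed sample data for this example, not a real artifact."""
    header = struct.pack("<QQQ", version, size, datetime_to_filetime(deleted_at))
    if version == 1:
        return header + path.encode("utf-16-le").ljust(V1_PATH_FIELD, b"\x00")
    encoded = (path + "\x00").encode("utf-16-le")  # BMP-only path assumed
    return header + struct.pack("<I", len(encoded) // 2) + encoded


# Constructed samples (hypothetical user, path and timestamp).
SAMPLE_TIME = datetime(2020, 3, 15, 10, 30, 0, tzinfo=timezone.utc)
SAMPLE_PATH = r"C:\Users\alice\Documents\report.docx"
SAMPLE_V2 = build_dollar_i(2, 12345, SAMPLE_TIME, SAMPLE_PATH)
SAMPLE_V1 = build_dollar_i(1, 4096, SAMPLE_TIME, SAMPLE_PATH)

if __name__ == "__main__":
    for name, blob in (("$I1A2B3C.docx", SAMPLE_V2), ("$I9Z8Y7X.docx", SAMPLE_V1)):
        rec = parse_dollar_i(blob)
        print(f"{name} -> content in {matching_r_name(name)}")
        print(f"  v{rec.version}  {rec.original_size} bytes  deleted {rec.deleted_at.isoformat()}")
        print(f"  original path: {rec.original_path}")
```

On a live image the records sit under `C:\$Recycle.Bin\<user SID>\`, so the SID of the directory tells you which account emptied the file into the bin while the `$I` record gives the original path, size and deletion time; the `$R` file with the same suffix is the content to carve or hash.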
When you start analyzing a Linux memory dump with Volatility, the first problem you will run into is choosing the correct memory profile.
Continue reading “How to generate a Volatility profile for a Linux system”