Let’s start a series of articles on digital forensics focused on mobile devices.
In this first post I’d like to share some thoughts about image acquisition on Android devices.
Often, during an incident response, it may be necessary to analyze a lot of evidence, such as disk and memory dumps.
Microsoft provides application compatibility shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and code injection.
Some months ago I got the GCFA certification.
During exam preparation I collected a lot of notes, and after the exam I gradually organized them into an index based on the topics that came up during the exam, using what little free time I had.
Rootkits are tools and techniques used to hide malicious modules from system monitoring.
There are commercial tools that provide access to the Volume Shadow Copies within a forensic image, but how can this source of data be accessed using only free tools?
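The free-tool workflow the post asks about, as an added example that is not part of the original post: Sleuth Kit's mmls locates the NTFS partition inside a raw image, the start sector is converted to the byte offset that libvshadow expects, and vshadowinfo/vshadowmount expose the shadow copies so each one can be mounted read-only with ntfs-3g. The mmls output below is constructed sample data; the image path, mount point and installed tools (mmls, vshadowinfo, vshadowmount, ntfs-3g) are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's code: derive the NTFS byte offset from
# mmls output and print the libvshadow commands that expose the shadow copies.
# The mmls output below is CONSTRUCTED sample data (a 512-byte-sector image
# with one NTFS partition starting at sector 2048).
SAMPLE_MMLS='DOS Partition Table
Offset Sector: 0
Units are in 512-byte sectors

      Slot      Start        End          Length       Description
000:  Meta      0000000000   0000000000   0000000001   Primary Table (#0)
001:  -------   0000000000   0000002047   0000002048   Unallocated
002:  000:000   0000002048   0000204799   0000202752   NTFS / exFAT (0x07)'

# sector_size <mmls output>: sector size from the "Units are in N-byte sectors" line.
sector_size() {
    printf '%s\n' "$1" | sed -n 's/^Units are in \([0-9]*\)-byte sectors.*/\1/p'
}

# ntfs_start_sector <mmls output>: start sector (3rd column) of the first NTFS partition.
# Adding 0 strips the leading zeros mmls prints.
ntfs_start_sector() {
    printf '%s\n' "$1" | awk '/NTFS/ { print $3 + 0; exit }'
}

# ntfs_offset_bytes <mmls output>: byte offset for vshadowinfo/vshadowmount -o.
ntfs_offset_bytes() {
    _sz=$(sector_size "$1")
    _start=$(ntfs_start_sector "$1")
    echo $(( _start * _sz ))
}

# vss_commands <image> <offset> <mountpoint>: print the free-tool workflow.
# vshadowmount exposes one raw file per shadow copy (vss1, vss2, ...) under the
# mount point; each is then mounted read-only as an NTFS volume with ntfs-3g.
vss_commands() {
    echo "vshadowinfo -o $2 $1"
    echo "mkdir -p $3"
    echo "vshadowmount -o $2 $1 $3"
    echo "for vss in $3/vss*; do"
    echo "    mkdir -p $3_\$(basename \$vss)"
    echo "    mount -o ro,loop,show_sys_files,streams_interface=windows \$vss $3_\$(basename \$vss)"
    echo "done"
}

# Demonstration on the constructed sample (placeholder image and mount point).
offset=$(ntfs_offset_bytes "$SAMPLE_MMLS")
echo "NTFS partition starts at byte offset $offset"
vss_commands disk.dd "$offset" /mnt/vss
```

On a real image, replace SAMPLE_MMLS with `mmls disk.dd` output; `show_sys_files` and `streams_interface=windows` are ntfs-3g options that expose $MFT and other metadata files and alternate data streams, which is what a forensic review of a shadow copy usually needs.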
Injecting code into another process's memory is not limited to shellcode or DLLs.
The PE injection technique makes it possible to inject and run a complete executable module inside another process's memory.
The Netflix Security Intelligence and Response Team (SIRT) has released (under Apache 2.0 license) a triage tool to help digital forensics and incident response teams quickly identify compromised hosts on which to focus their response.
The tool, written in Python 3 and named “Diffy”, is focused specifically on security incidents in cloud architectures.