Andrea Fortuna
Just some random thoughts about the Meaning of Life, The Universe, and Everything

An interesting article and video lesson by security reserarcher Didier Stevens.

There is no 100% anonymity on the internet.

Your Digital Footprint is everywhere on the web: it is in all the actions you do on keyboard and mouse, on every tap and swipe on our mobile phone.

Currently, there are a lot of good forensics commercial tools, can be used to perform a whole dfir workflow. However, several analyst anche companies cannot afford the purchase of those (awesome) tools.

During forensic anaysis, Windows registry data can be useful to discover malicious activity and to determine if and what data may have been stolen from a network.

The malware analyst Karsten Hahn recently published a very interesting video about the analysis of a sample of the well-known malware Ursnif.

The recent controversies related to new WhatsApp‘s Privacy Policy have lead many users to start looking for new alternatives.

Recently I’ve already written about Cobalt Strike detection during forensics analysis. However, some followers asked my if it was possibile to perform this activities using Volatility, in order to integrate them in existing analysis workflows.

Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2.

Sometimes, during an incident analysis, you may need to replicate behaviours of a specific host, perhaps already acquired with a forensic method.

During a forensic analysis on mobile devices, especially when you are not able to perform a full memory acquisition, a network traffic analysis could be useful in order to identify suspicious activities.