How to process recent Windows 10 memory dumps in Volatility 2
Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2.
Sometimes, during an incident analysis, you may need to replicate the behaviour of a specific host, perhaps one already acquired with a forensic method.
During a forensic analysis of mobile devices, especially when you are not able to perform a full memory acquisition, network traffic analysis can be useful for identifying suspicious activity.
Today I'd like to share a brief list of useful tools I use for OSX analysis.
In order to expand the address space that is effectively usable by a process and to expand the amount of dynamic RAM, modern operating systems use the method known as swapping.
A simple step-by-step tutorial for iOS full acquisition.
A brief update on Cobalt Strike detection in forensic analysis, with a couple of new resources.
Some privacy concerns about Apple Silicon and macOS Big Sur.
In my previous posts I often covered many tools and techniques that allow memory acquisition from a Windows system. However, I have written few articles about Linux memory acquisition and analysis, only one brief post regarding memory profile generation on Linux using LiME.