PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.
In digital forensics, the term logical extraction typically refers to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogous to copying and pasting a folder in order to extract data from a system. So, this process will only copy files that the […]
Every forensic analyst, over the course of their experience, perfects their own workflow for the acquisition of forensic images. Today I want to propose my own workflow for the acquisition of physical disks on Microsoft Windows systems.
Microsoft has released, on its GitHub repository, an interesting Linux port of ProcDump from the Sysinternals suite.
FatCat is a tool designed to manipulate FAT filesystems in order to explore, extract, repair, recover and perform forensic analysis on them.