On some occasions you need to acquire an image of a computer using a boot disk and network connectivity.
Every analyst, through day-to-day experience, refines their own workflow for timeline creation. Today I propose mine.
Malware authors have always looked for new techniques to stay invisible. This includes being invisible on the compromised machine, but it is even more important to hide malicious indicators and behavior during analysis.
During a penetration test, you could be lucky enough to find an RCE vulnerability: in this case, the next step should be to obtain an interactive shell.
PE-sieve is a small tool for investigating inline hooks and other in-memory code patches, developed by hasherezade.
In digital forensics, the term logical extraction is typically used to refer to extractions that do not recover deleted data, or do not include a full bit-by-bit copy of the evidence, analogously to copying and pasting a folder in order to extract data from a system. So, this process will only copy files that the…