Let’s starting a series of article related to digital forensic focused on mobile devices. In this first post i’d like to share some thoughts about image acquisition on android devices.
Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.
Microsoft provides Shims to developers mainly for backward compatibility, but malware can take advantage of shims to target an executable for both persistence and injection.
Some months ago i’ve got GCFA certification. During exam preparation i’ve collected a lot of notes, and after the exam i’ve gradually organized them in a index based on topics emerged during the exam, usual using my few freetime.