I just recently to perform a forensic analysis on a compromised Microsoft Azure VM, and I’d like to share a couple of useful tips.
Malware analysis and digital forensic analysis are processes that often needs the analyst to look into system memory.In this regard, a good analyst must have at least a base knowledge of Windows Memory Management.
Some months ago i’ve got GCFA certification. During exam preparation i’ve collected a lot of notes, and after the exam i’ve gradually organized them in a index based on topics emerged during the exam, usual using my few freetime.
There are commercial tools that provides access to the Volume Shadow Copies within a forensic image, but how can access this source of data using only free tools?