OS X forensic acquisition: a basic workflow

OS X is, in effect, a *nix-based system.
Therefore the forensic image acquisition process is very similar to the one used on Linux systems.
Today I'd like to share my personal acquisition workflow for Apple Mac systems, suitable for OS X versions before 10.11 (El Capitan) or any OS X version with SIP disabled.


Some thoughts about Windows Memory Management

Malware analysis and digital forensic analysis are processes that often need the analyst to look into system memory.
In this regard, a good analyst must have at least a basic knowledge of Windows Memory Management.


My GCFA Exam Sketchbook

Some months ago I got the GCFA certification.

During exam preparation I collected a lot of notes, and after the exam I gradually organized them into an index based on the topics that emerged during the exam, as usual using my little free time.
