So Long, and Thanks for All the Fish

Just some random thoughts about the Meaning of Life, The Universe, and Everything

Tag: volatility

AutoTimeliner: automatically extract forensic timeline from memory dumps

Posted on November 19, 2018 | November 21, 2018 by Andrea Fortuna

Often, during an incident response, it may be necessary to analyze a lot of evidence, like disk and memory dumps.

Categories: Dfir

Malhunt: automated malware search in memory dumps

Posted on July 30, 2018 | July 23, 2018 by Andrea Fortuna

Recently I've published this post focused on hunting malware using Volatility and Yara rules.

Categories: Malware Analysis

Digital forensics chronicles: image identification issues on large memory dump with Volatility

Posted on July 25, 2018 | July 19, 2018 by Andrea Fortuna

Spoiler: shame on DumpIT!

Categories: Dfir

Finding malware on memory dumps using Volatility and Yara rules

Posted on July 16, 2018 | July 5, 2018 by Andrea Fortuna

Previously I've talked a lot about Volatility, and I've also published some articles about YARA. Today I'd like to share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search for the presence of generic malware.

Categories: Dfir

Volatility tips: how to extract text typed in a notepad window from a Windows memory dump

Posted on March 2, 2018 | March 5, 2018 by Andrea Fortuna

In a comment on my article Volatility, my own cheatsheet (Part 3): Process Memory, Fabrizio asked me: […] da un dump di memoria su un sistema win7, ho rilevato che era in esecuzione notepad, è possibile visualizzarne il contenuto? ([…] from a memory dump on a win7 system, I found out that notepad was running,…

Categories: Dfir