Andrea Fortuna
  • Feb 13, 2021

    How to perform a digital forensic analysis using only free tools

    Currently, there are a lot of good commercial forensics tools that can be used to perform a whole DFIR workflow. However, several analysts and companies cannot afford the purchase of those (awesome) tools. For this reason, all my DFIR tutorials are… read more »
  • Feb 6, 2021

    Windows registry Transaction Logs in forensic analysis

    During forensic analysis, Windows registry data can be useful to discover malicious activity and to determine if and what data may have been stolen from a network. Many different types of data are present in the registry that can provide… read more »
  • Jan 26, 2021

    Karsten Hahn: fileless Ursnif/Gozi static analysis and unpacking

    The malware analyst Karsten Hahn recently published a very interesting video about the analysis of a sample of the well-known malware Ursnif. Ursnif is a banking trojan and a variant of the Gozi malware, observed being spread through various automated exploit… read more »
  • Jan 19, 2021

    “My piano didn't fit in the elevator!”, a piano album

    I mean no offense to real piano players but, although I am a guitarist, I have always loved the sound of the piano. And ever since I started composing my music, most of my songs have been written with the voice of a… read more »
  • Jan 11, 2021

    4 WhatsApp alternatives, focused on privacy

    The recent controversies related to WhatsApp's new Privacy Policy have led many users to start looking for alternatives. Actually, WhatsApp claims to provide end-to-end encryption [1], which is a great security feature. There are, however, several loopholes, on which… read more »
  • Jan 6, 2021

    How to detect Cobalt Strike Beacons using Volatility

    Recently I've written about Cobalt Strike detection during forensic analysis. However, some followers asked me if it was possible to perform these activities using Volatility, in order to integrate them into existing analysis workflows. Well, a solution has been… read more »
  • Dec 25, 2020

    “I'll Be Home for Christmas”, my Christmas single, is out!

    I think that music composition is very calming, so, during my Christmas holidays, I tried to relax as much as I could. Along with several songs started but never finished, I was able to complete a piece started exactly 1… read more »
  • Dec 23, 2020

    How to process recent Windows 10 memory dumps in Volatility 2

    Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2. In my previous article, I recommended using FireEye's custom version of Volatility [1], with… read more »
  • Dec 21, 2020

    How to boot an EnCase (E01) image using VirtualBox

    Sometimes, during an incident analysis, you may need to replicate the behaviour of a specific host, perhaps one already acquired with a forensic method. In order to perform this test, you first need to create a VM starting from a forensic image,… read more »
  • Dec 14, 2020

    Mobile forensics: how to identify suspicious network traffic

    During a forensic analysis on mobile devices, especially when you are not able to perform a full memory acquisition, a network traffic analysis can be useful in order to identify suspicious activities. In the past, I used a Linux box… read more »
  • Dec 7, 2020

    OSX Forensics: a brief selection of useful tools

    Today I'd like to share a brief list of useful tools I use for OSX analysis. I've already talked about OSX forensics, in a post focused on the acquisition workflow. Today, I share a list of tools useful during the analysis… read more »
  • Dec 3, 2020

    How to extract forensic artifacts from Linux swap

    In order to expand the address space effectively usable by a process beyond the amount of physical RAM, modern operating systems use the technique known as swapping. In Linux systems this typically shows up in the… read more »
  • Nov 30, 2020

    Technology Roundup #18

    “Technology is just a tool. In terms of getting the kids working together and motivating them, the teacher is the most important” - Bill Gates Baby Yoda Flies to The ISS With The SpaceX Crew Sure, we might not be… read more »
  • Nov 29, 2020

    Musics for a Game Never Born

    Several years ago (at least 15), I was involved in an exciting project: the development of a video game. Not as a developer, but as a musician! The game was an old-style platformer, but with realistic physics. When I began the collaboration… read more »
  • Nov 25, 2020

    iOS Forensic: full disk acquisition using checkra1n jailbreak

    A simple step-by-step tutorial for iOS full acquisition. The release of the checkm8 iOS exploit, in September 2019, was a big topic: an exploit that could be used on every iOS device made over an approximately 5-year period had major consequences. Checkm8… read more »
  • Nov 22, 2020

    How to detect Cobalt Strike activities in memory forensics

    A brief update on Cobalt Strike detection in forensic analysis, with a couple of new resources. A few days ago I published some information about CobaltStrikeScan [1], a useful tool to identify Cobalt Strike beacons in process memory; today I'd like… read more »
  • Nov 16, 2020

    Jeffrey Paul: your computer isn't yours

    Some privacy concerns about Apple Silicon and macOS Big Sur. The latest features added by Big Sur, in combination with the Apple Silicon M1 processor, have some dirty little secrets. A path started some time ago and now completed with a… read more »
  • Nov 15, 2020

    FAMA: Forensic Analysis For Mobile Apps

    FAMA (Forensic Analysis For Mobile Apps) is a forensic framework developed in Python (2.7+) by the Lab of Cybersecurity and Digital Forensics at IPLeiria (LabCIF). FAMA is an Android extraction and analysis framework, useful for easily dumping user data from a device… read more »
  • Nov 11, 2020

    Privacy Roundup #18

    “It's dangerous when people are willing to give up their privacy.“ - Noam Chomsky Chrome to block tab-nabbing attacks Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows… read more »
  • Nov 8, 2020

    Linux Forensics: Memory Capture and Analysis

    In my previous posts I have often covered tools and techniques that allow memory acquisition from a Windows system. However, I have written few articles about Linux memory acquisition and analysis, only one brief post regarding memory profile generation on Linux using LiME. So, today I'd like… read more »

  • andrea@andreafortuna.org
Cybersecurity expert, software developer, experienced digital forensic analyst, musician