Andrea Fortuna
  • Apr 17, 2026

    Claude Mythos found what 27 years of human review missed. Now what?

    I have been doing security work long enough to develop a reliable instinct for when the industry is performing alarm versus when something has genuinely shifted. The week of April 7, 2026…
  • Apr 16, 2026

    From RAM to revelation: how Windows manages memory and how Volatility reads it

    Over the years I have written quite a bit about memory forensics: Volatility cheatsheets, plugin-specific guides, compressed memory analysis, the migration to Volatility 3. But I never got around to writing about…
  • Apr 15, 2026

    Why DFIR teams need to look beyond the MBR when analyzing modern wipers

    For a long time, the standard mental image of a disk wiper was simple: overwrite the MBR, make the machine unbootable, and let the damage speak for itself. For DFIR teams, that…
  • Apr 14, 2026

    Why prudence still wins in high-stakes technology

    From the Apple Newton to CrowdStrike, some of the most instructive failures in tech come from misjudging the balance between ambition, timing, and operational caution.
  • Apr 13, 2026

    When Async becomes Always-On

    A peculiar ritual plays out in the recruiting process of many large tech companies. The job description mentions flexible hours. The hiring manager speaks enthusiastically about remote-first culture.
  • Apr 12, 2026

    Reading the ENISA secure by design playbook without the hype

    There is a telling sentence buried deep inside the new ENISA Secure by Design and Default Playbook, published in March 2026 for public consultation: "security goals can often fail, even in the…
  • Apr 11, 2026

    When deleting Signal is not enough: the FBI, iPhone notifications, and what forensics can reveal

    A few days ago, 404 Media published a detailed report that made a lot of people uncomfortable: the FBI managed to recover Signal messages from a suspect's iPhone, even though the app…
  • Apr 10, 2026

    You don't know what's in your software. Neither do most vendors.

    The question is simple: what software is actually running in your systems? Not what you think is running, not what the deployment manifest says, but what is really there, compiled, linked, packaged,…
  • Apr 6, 2026

    Patching the wrong holes

    Why CVSS-first patching often fails in real incidents, and how exposure- and attack-path-based prioritization can reduce exploitable risk more effectively than severity-only workflows.
  • Apr 4, 2026

    Uffizi cyberattack: BabLock TTPs, IOCs and attribution gaps

    In early 2026, the cyberattack on the Uffizi Galleries became one of the most discussed security incidents in the Italian public sector. The controversy was not only about the intrusion itself, but…
  • Apr 2, 2026

    Spyrtacus and the fake WhatsApp client behind a hidden surveillance campaign

    In late March 2026, around 200 people in Italy received an unusual warning from WhatsApp. Their devices, according to the company, had been compromised through a fake client that looked like the…
  • Apr 2, 2026

    Old code never dies: why legacy software is often safer than new code

    Legacy software is not automatically the problem. More often, the real danger is the transition: rushed rewrites, brittle migrations, and AI-generated code that looks correct until production says otherwise.
  • Mar 29, 2026

    iOS Lockdown mode and forensic analysis: a technical perspective

    Apple introduced Lockdown Mode in iOS 16 as a hardened protection layer targeted at a narrow group of users exposed to targeted attacks and mercenary spyware.
  • Mar 26, 2026

    All code is sorcery, until it isn't

    In 1966, Joseph Weizenbaum created a program called ELIZA. It was, by any technical measure, trivial: a pattern-matching engine that reflected the user's words back as open-ended questions, mimicking the style of…
  • Mar 21, 2026

    When the city becomes the weapon: IoT, AI, and the new face of warfare

    There is a quiet assumption most of us carry around about the devices that fill our cities. Traffic cameras sit on their poles to catch speeding drivers. Smart sensors monitor air quality.
  • Mar 19, 2026

    Windows 11 quietly introduced a new execution artifact investigators should start checking

    Digital forensics often rewards people who look in places nobody else is checking yet. This article provides practical context, implications, and actions for security teams.
  • Mar 17, 2026

    Introducing DFIR Toolkit: Privacy-First DFIR utilities that run entirely in your browser

    A new collection of browser-based DFIR tools designed for fast triage, zero setup, and local analysis only: IOC Extractor, Timestamp Converter, Hash Calculator, and Email Header Analyzer.
  • Mar 9, 2026

    Cloud repatriation: when moving workloads back on premises is a strategic choice, not a retreat

    "The cloud is just someone else's computer." The old sysadmin joke has held up better than many forecasts from the last decade. After years of cloud-first mandates, digital transformation roadmaps, and hyperscaler…
  • Mar 4, 2026

    MalHunt gets a major overhaul: Volatility3, smarter YARA handling, and better error recovery

    If you have been following my open-source work, you probably know MalHunt, the memory forensics tool I built to automate malware hunting on top of Volatility. Yesterday I pushed a significant batch…
  • Mar 1, 2026

    Ten problems every Volatility2 analyst will hit when migrating to Volatility3

    After years of daily use in incident response and forensic investigations, This article provides practical context, implications, and actions for security teams.


Cybersecurity expert, software developer, experienced digital forensic analyst, musician