  • Some thoughts about Stuxnet

    Some days ago, during a brief memory analysis demonstration with Volatility, I used a memory dump of a system infected with the "old-but-gold" Stuxnet. But one of the spectators asked me for additional info about this malware, so I decided to… read more »
  • How “Process Ghosting” works

    The Elastic Security team recently revealed a new technique for malware obfuscation and evasion called Process Ghosting, which allows tampering with the in-memory mappings of executable files on Microsoft Windows. The technique [1] is the evolution of already known attack methods… read more »
  • "The Journey": get comfortable, it will take some time

    I no longer compose music for work, and this allows me to publish my musical ideas without worrying too much about the reactions of the public: do they like it? Well! Don't they like it? I don't care! So, recently… read more »
  • dfir_ntfs: a forensic parser for NTFS filesystems

    The NTFS filesystem is a gold mine for forensic analysis on Microsoft Windows systems. There are a lot of tools useful for extracting a timeline of the activities on the filesystem, or for searching for anomalies that indicate timestomping events. Recently… read more »
  • “Soundscapes”, my spectral music experimentation

    I've always been fascinated by the works of Gérard Grisey, a French composer and pioneer of the Spectralist movement. According to Wikipedia [1], spectral music is …an acoustic musical practice where compositional decisions are often informed by sonographic representations and mathematical analysis of sound spectra, or by mathematically generated… read more »
  • iLEAPP: an iOS logs, events, and plists parser

    iLEAPP is a good iOS forensic tool developed by Alexis Brignoni. It’s composed of a set of Python scripts previously developed by Alexis, collected into a single, useful tool. iLEAPP [1] is developed in order to help forensic analysts during… read more »
  • iOS Forensics: how to perform a logical acquisition with libimobiledevice

    On iOS devices, due to the well-known OS restrictions, logical acquisition is the most common type of data extraction during digital forensic investigations. There are a lot of commercial forensic tools able to perform this step, but this type of acquisition… read more »
  • How do smartphones react to IMSI catching attacks?

    I recently happened to read a research paper, presented during the ACM WINTECH 2020 conference, related to IMSI catchers and their exploitation for tracking users of mobile devices. Mobile telephony standards have always used and recorded users' locations: when a user… read more »