Andrea Fortuna
AboutRss
  • Jan 6, 2021

    How to detect Cobalt Strike Beacons using Volatility

    Recently I’ve already written about Cobalt Strike detection during forensics analysis. However, some followers asked my if it was possibile to perform this activities using Volatility, in order to integrate them in existing analysis workflows. Well, a solution has been… read more »
  • Dec 25, 2020

    “I'll Be Home for Christmas”, my Christmas single, is out!

    I think that music composition is very calming, then, during my Christmas holidays, I tried to relax as much as I could. Along with several songs started but never finished, I was able to complete a piece started exactly 1… read more »
  • Dec 23, 2020

    How to process recent Windows 10 memory dumps in Volatility 2

    Today I want to briefly take up a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2. In my previous article, I've recommended to use a FireEye's custom version of Volatility [1], with… read more »
  • Dec 21, 2020

    How to boot an Encase (E01) image using VirtualBox

    Sometimes, during an incident analysis, you may need to replicate behaviours of a specific host, perhaps already acquired with a forensic method. In order to perform this test, you first need to create a VM starting from a forensic image,… read more »
  • Dec 14, 2020

    Mobile forensics: how to identify suspicious network traffic

    During a forensic analysis on mobile devices, especially when you are not able to perform a full memory acquisition, a network traffic analysis could be useful in order to identify suspicious activities. In the past, I used a linux box… read more »
  • Dec 7, 2020

    OSX Forensics: a brief selection of useful tools

    Today I’d like to share a brief list of useful tools I use for OSX analysis. I’ve already talked about OSX forensics, in a post focused on acquisition workflow. Today, I share a list of tools useful during the analysis… read more »
  • Dec 3, 2020

    How to extract forensic artifacts from Linux swap

    In order to expand the address space that is effectively usable by a process and to expand the amount of dynamic RAM, modern operating systems use the method known as swapping. In Linux systems this typically shows up in the… read more »
  • Nov 30, 2020

    Technology Roundup #18

    “Technology is just a tool. In terms of getting the kids working together and motivating them, the teacher is the most important” - Bill Gates Baby Yoda Flies to The ISS With The SpaceX Crew Sure, we might not be… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andrea-fortuna
  • andrea

Cybersecurity expert, software developer, experienced digital forensic analyst, musician