-
Jan 26, 2021
The malware analyst Karsten Hahn recently published a very interesting video on the analysis of a sample of the well-known Ursnif malware. Ursnif is a banking trojan and a variant of the Gozi malware, observed being spread through various automated exploit… read more »
-
Jan 19, 2021
I mean no offense to real piano players, but even though I am a guitarist, I have always loved the sound of the piano. And ever since I started composing my music, most of my songs have been written with the voice of a… read more »
-
Jan 11, 2021
The recent controversies over WhatsApp's new Privacy Policy have led many users to start looking for alternatives. WhatsApp does claim to provide end-to-end encryption [1], which is a great security feature. There are, however, several loopholes, on which… read more »
-
Jan 6, 2021
I recently wrote about Cobalt Strike detection during forensic analysis. However, some followers asked me whether it was possible to perform these activities using Volatility, in order to integrate them into existing analysis workflows. Well, a solution has been… read more »
-
Dec 25, 2020
I find music composition very calming, so during my Christmas holidays I tried to relax as much as I could. Along with several songs started but never finished, I was able to complete a piece started exactly 1… read more »
-
Dec 23, 2020
Today I want to briefly revisit a topic already addressed in a previous post: analysis of Windows 10 memory dumps using Volatility 2. In my previous article, I recommended using FireEye's custom version of Volatility [1], with… read more »
-
Dec 21, 2020
Sometimes, during an incident analysis, you may need to replicate the behaviour of a specific host, perhaps one already acquired with a forensic method. To perform this test, you first need to create a VM from a forensic image,… read more »
-
Dec 14, 2020
During a forensic analysis of mobile devices, especially when a full memory acquisition is not possible, network traffic analysis can be useful for identifying suspicious activity. In the past, I used a Linux box… read more »