-
Jul 31, 2017
Volatility has the ability to carve the Windows registry data. (Other articles about Volatility: https://www.andreafortuna.org/category/volatility) hivescan To find the physical addresses of CMHIVEs (registry hives) in memory, use the hivescan command. For more information: Enumerating Registry Hives The Windows registry can… read more »
-
Jul 27, 2017
A fully configured platform with open source tools FLARE VM is a freely available and open sourced Windows-based security distribution for reverse engineering, malware analysis, incident response, forensics analysis, and penetration tests. FLARE VM delivers a fully configured platform with a… read more »
-
Jul 25, 2017
A fast and thorough forensic tool bulk_extractor is a computer forensics tool that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system structure. Using this approach, bulk_extractor is more fast… read more »
-
Jul 24, 2017
This time we try to analyze the network connections, valuable material during the analysis phase. connections To view TCP connections that were active at the time of the memory acquisition, use the connections command. This walks the singly-linked list of… read more »
-
Jul 21, 2017
Can i manage my home-server using Telegram? batbot.sh is a bash Telegram Bot developed by Andrea Menin. It can reply to user messages, execute commands, and others cool features. [embed]https://www.youtube.com/watch?v=CZbD49nzWSE[/embed] Usage ./botbat.sh [-t "<token>"] [-c <seconds>] ./botbat.sh -h -t Set… read more »
-
Jul 20, 2017
Using Volatility and EVTXtract Usually i use a different approach based on Windows version: Windows XP and 2003 machines Simply use the evtlogs plugin of Volatility: The evtlogs command extracts and parses binary event logs from memory. Binary event logs are… read more »
-
Jul 19, 2017
Really useful in the first phases of a penetration test XRay is a tool for network OSINT gathering developed by Simone Margaritelli, useful to make initial tasks of information gathering and network mapping. It make a bruteforce of subdomains using… read more »
-
Jul 18, 2017
The most important file in a NTFS filesystem During a forensics analysis, after evidence acquisition, the investigation starts by doing a timeline analysis, that extract from the images all information on when files were modified, accessed, changed and created. Different… read more »
-
Jul 17, 2017
Let’s go down a bit more deeply in the system, and let’s go to find kernel modules into the memory dump. modules To view the list of kernel drivers loaded on the system, use the modules command. This walks the… read more »
-
Jul 16, 2017
A simple piece, good for novice students Tonight is the night! The sixth season of Game Of Thrones ends with a big explosion and a beautiful music theme written by Ramin Djawadi. Often to my guitar students I propose small studies… read more »
-
Jul 14, 2017
Some days ago i’ve written a post about the “Ultra-Geek” Linux Workstation developed by Joe Nelson. Reading his post, I found many similarities with the current configuration of my laptop. So I decided to share the setup of my ‘Ultra-Geek… read more »
-
Jul 13, 2017
Like ‘sed’, for JSON data jq is like sed for JSON data - you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with… read more »
-
Jul 12, 2017
An Open Source tool for analyzing web artifacts. Hindsight is a open source tool for parsing a user’s Chrome browser data. Hindsight can parse a number of different types of web artifacts, including URLs, download history, cache records, bookmarks, autofill… read more »
-
Jul 11, 2017
Kaspersky Releases an Open Source Digital Forensics Tool Bitscout initially started as a hobby project a few years ago (version 1.0 was never released to the public), and it has been continually improved based on the requirements that arose in… read more »
-
Jul 10, 2017
Let’s try to analyze the memory in more detail… If we try to analyze the memory more thoroughly, without focusing only on the processes, we can find other interesting information. memmap The memmap command shows you exactly which pages are memory… read more »
-
Jul 7, 2017
Why do humans eat meat? Dr. Melanie Joy believes humans eat meat due to the long-engrained ideology of carnism: “Carnism is a dominant ideology, which means it’s embedded deeply in society to the point that it’s considered ‘just the way things are,’”… read more »
-
Jul 6, 2017
Once executed on target system, a malware try to hide itself and achieving persistence on the exploited machine, in order to continue to act even after system reboot. Today let’s try to focus on Windows systems, which have a lot… read more »
-
Jul 5, 2017
A valuable historical document In the 1960s, the Italian TV broadcaster RAI broadcast a fascinating concert by Andres Segovia.I’ve found a copy on Youtube, the sound is slightly distorted, but the program very respectable: 1:27 — “Da un Codice Lautenbuch”, Six lute… read more »
-
Jul 4, 2017
Just some random thoughts about this kind of threat Some days ago, a non-technical friend asked me some informations about ‘fileless malware’. Has been pretty difficult to explain this concept to a person lacking a correct security knowledge, so i have… read more »
-
Jul 3, 2017
Once identified the correct profile, we can start to analyze the processes in the memory and, when the dump come from a windows system, the loaded DLLs. pslist To list the processes of a system, use the pslist command. This walks the… read more »