Category Archives: Forensics

Cuckoo VM for Malware Analysis

Posted on 31 October 2019 by [email protected]

Cuckoo VM prepared for Malware Analysis Continue reading

Posted in Forensics, Malware, Research, ThreatHunting, Virtualization | Tagged , , , , , | Comments Off on Cuckoo VM for Malware Analysis

Acquiring Linux Memory using AVML and Using it with Volatility

Posted on 20 June 2019 by [email protected]

This is another quick post going over the process to acquire memory from a Linux system, but instead of using LiME, I’m going to use AVML which stands for Acquire Volatile Memory for Linux, and could be found here. The … Continue reading

Posted in DFIR, Forensics, Memory, Software/Tools | Tagged , , , , , , , | Comments Off on Acquiring Linux Memory using AVML and Using it with Volatility

Windows InstallTime vs InstallDate Registry Values

Posted on 31 May 2019 by [email protected]

This is just a quick post about two Registry Values InstallTime and InstallDate which are found under the following key: SOFTWARE\Microsoft\Windows NT\CurrentVersion The confusion happens when my students ask which one is correct?

Posted in Forensics, Windows | Tagged , , , , , , | Comments Off on Windows InstallTime vs InstallDate Registry Values

Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Posted on 26 May 2019 by [email protected]

While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading

Posted in AntiX, Forensics, ThreatHunting, Windows | Tagged , , , , , , , , | Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis

Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS

Posted on 24 May 2019 by [email protected]

One of my current students asked if using Stealth Alternate Data Streams (ADS), could bypass AVs? Therefore, I wanted to prove that for the student by doing a simple experiment. What was done is the following: 1. Turned off Windows … Continue reading

Posted in AntiX, Forensics, Malware, Metasploit, Windows | Tagged , , , , , , | Comments Off on Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS