-
-
Recent Posts
-
Categories
- Academia (21)
- Android (1)
- Anti-Forensics (2)
- AntiX (4)
- Apache/Tomcat (8)
- Arabnix (6)
- BackTrack (5)
- Books (17)
- C5W (1)
- Challenges (5)
- Companies (16)
- Conferences (1)
- Cyber 5W (2)
- Database (23)
- Development (31)
- DFIR (14)
- Exploitation (8)
- File Systems (1)
- Firewalls (20)
- Footprinting (14)
- Forensics (22)
- Fun (28)
- GNU/Linux (101)
- HDFS (1)
- IDS/IPS (4)
- Investigations (13)
- Kernel (24)
- Life (161)
- Linux Security (68)
- Linux Services (37)
- Malware (9)
- Memory (1)
- Metasploit (6)
- Mobile (3)
- Networks (44)
- News (75)
- OSINT (6)
- Patch Management (5)
- PCI Compliance (8)
- PenTest (52)
- Poems (9)
- PortKnocking (10)
- Privacy (4)
- Publications (12)
- Real Madrid (17)
- Research (6)
- Security (84)
- Snippets (33)
- Social Engineering (4)
- Software/Tools (53)
- Sport (78)
- ThreatHunting (4)
- Unix (12)
- Virtualization (27)
- Vulnerability (7)
- Web Security (12)
- Webapp (4)
- WHM/Cpanel (6)
- Windows (19)
- Workshops (2)
- z0ne (16)
Archives
Tag Archives: anti-forensics
Memory Forensics – RansomCare Investigation Case 1
In this case you are required analyze a memory dump of a Windows 10 system that has been hit with RansomCare. E01 for the Memory Dump could be found: here Find RansomCare’s code, dump it. and explain what happened to … Continue reading
Posted in Anti-Forensics, Challenges, Cyber 5W, DFIR, Forensics, Investigations, Malware
Tagged anti-forensics, Case Study, Challenge, DFIR, Investigation, Malware, memory forensics, RansomCare, Ransomware
Comments Off on Memory Forensics – RansomCare Investigation Case 1
Challenge #9 – Encrypt Them All Case
In this case you are required to decrypt all the data and files that have been encrypted using different crypto methods. E01 for the drive could be found: here #1: Lost in Space: We noticed that the whole communication started … Continue reading
Posted in Anti-Forensics, Challenges, DFIR, Forensics, Investigations, Windows
Tagged aes, anti-forensics, bit-locker, challenges, DFIR, gnupg, Investigations
Comments Off on Challenge #9 – Encrypt Them All Case
Update: Hidden Prefetch Files Detection using New PECmd
Before diving into this post, I wanted to say, that I have been teaching digital forensics for a long time by now, and in my Operating System Forensics class, I use Eric Zimmerman‘s tools a lot, and when I say … Continue reading
Posted in AntiX, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Update: Hidden Prefetch Files Detection using New PECmd
Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis
While doing more experiments of running EXEs and Malicious EXEs from ADS and Stealthy ADS to continue my previous work “Can We Say Farewell to Hiding Malicious EXEs in Stealth ADS“, and in order to create a forensic image and … Continue reading
Posted in AntiX, Forensics, ThreatHunting, Windows
Tagged ads, alternate data streams, anti-forensics, EXE, malicious, Prefetch, stealth, threathunting, Windows
Comments Off on Creating a Hidden Prefetch File to Bypass Normal Forensic Analysis
