Posts Tagged ‘windows memory forensics’

2017-09-07

Practical Memory Forensics

A YouTube user called Black Hat shared a short video, ‘Preview: A Practical Approach to Malware Analysis and Memory Forensics’.

 

2017-03-06

Gargoyle and Memory Forensics

Gargoyle is a way of hiding all of a program's executable code in non-executable memory. It is implemented only for 32-bit Windows (it also works on 64-bit Windows under Windows on Windows). Performing live memory analysis can be a very expensive operation if you use Windows Defender. Gargoyle shows that reducing the computational load by limiting the analysis to executable code pages only is a risky approach. Using Windows asynchronous procedure calls, read/write memory is used as executable memory only for as long as it takes to perform certain tasks.

 

2017-02-15

Memory Forensics with Vshot and Remnux

Today we will talk about memory analysis with the help of plugins from the Vshot script. Samuel Alonso gives a list of plugins:

 

2016-11-14

Use the Graphical User Interface for Volatility Framework

Several digital investigators dislike using the command line. Volatility Framework is the best tool for memory forensics. Waqas Ahmad developed a graphical user interface for Volatility Framework.
