Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy files out of Volume Shadow Copies (VSCs) from live systems remotely.
-
Launching APOLLO: Creating a Simple Tool for Advanced Forensic Analysis
Last week Sarah Edwards attended MacDevOpsYVR in Vancouver, Canada, and had a talk about h… -
Automated Hunting of Memory Resident Malware at Scale
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, imp… -
Detection of Malicious Activities in Internet of Things Environment Based on Binary Visualization and Machine Intelligence
Internet of Things (IoT) devices are increasingly deployed for different purposes such as …
Load More Related Articles
-
Finding Registry Malware Persistence with RECmd
Chad Tilbury has writen a post on how to use Eric Zimmerman’s RECmd and its batch fi… -
Detecting PowerShell Empire Shenanigans with Sysinternals
In this post Ben Bornholm writes about how to detect PowerShell Empire using the tools fro… -
Analyzing the Windows LNK File Attack Method
An interesting post by D3xt3r’s Malware Laboratory describing another example of usi…
Load More In Tips & Tricks
