Dan Pullega has published a useful “forensics quickie” on his blog. In the post, he shows how to remotely access and copy files out of Volume Shadow Copies (VSCs) on live systems.