Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy files out of Volume Shadow Copies (VSCs) from live systems remotely.
-
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was … -
Understanding Orphaned Files
Phill Moore has written a nice post in his new blog – ThinkDFIR. This post will help… -
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows…
Load More Related Articles
-
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was … -
Using Outlook Forms for Lateral Movement and Persistence
During a recent investigation, CrowdStrike Services team identified an adversary attack me… -
Forensic Case Files: Chip Off, Chip On, The Chipper!
Cindy Murthy has published a post about her recent case where she and her team transplante…
Load More In Tips & Tricks
