Dan Pullega has published a useful “forensics quickie” in his blog. In the post he shows how to access and copy files out of Volume Shadow Copies (VSCs) from live systems remotely.
-
Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection
A JA3 hash represents the fingerprint of an SSL/TLS client application as detected via a n… -
Amcache and USB Device Tracking
Jason Hale has published an interesting post on how to use the amcache to track USB device… -
Digital Forensics and Incident Response (DFIR) for ICS Embedded Devices
Chris Sistrunk of Mandiant shows tools and tips on the very new field of DFIR for PLC̵…
Load More Related Articles
-
Open Sourcing JA3: SSL/TLS Client Fingerprinting for Malware Detection
A JA3 hash represents the fingerprint of an SSL/TLS client application as detected via a n… -
Memory Forensics in Clouds and Containers
Alex Maestretti has published an interesting post about userland memory acquisition and ta… -
Automating Large-Scale Memory Forensics
Henrik Johansen has published a post about how to automate memory forensics process as muc…
Load More In Tips & Tricks
