In this video Mark Baggett will show you how you can use a tool named SRUM-DUMP to capture critical DFIR (Digital Forensics and Incident Response) data like the dates and times processes were executed, which networks they used, how much data was transmitted and received, the Security Identifier of the user that launched the process and more. Then Mark will show you a tip that developers of forensics tools can use to convert binary flags into their associated text descriptions.
-
Threat Hunting: What it Is, and What it Is Not
Nowadays everybody is talking about threat hunting. Everyone wants to be a threat hunter. … -
Looking at Microsoft Teams from a DFIR Perspective
David Cowen’s Sunday Funday is back, so why not to take part in this fun? Last Sunda… -
SQM: New Evidence of Execution Source?
Forensicating one of compromised hosts during our recent incident response activities we h…
Load More Related Articles
-
Step by Step Guide to iOS Jailbreaking and Physical Acquisition
Oleg Afonin from Elcomsoft has posted a step by step guide on how to perform jailbreaking … -
Creating a File System Image of iOS12
Apple’s iOS 12 is the latest iteration in their mobile device software. With each it… -
Parsing Carved EVTX Records Using EvtxECmd
Teru Yamazaki has posted about how to extract Windows Event Log files from allocated space…
Load More In How To
Comments are closed.
