Home Software Pagefile forensics: page_brute

Pagefile forensics: page_brute


page_brute.py is a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by appying YARA-based signatures to fix-sized blocks of pagefile.sys.

This tool can be used to:

  • Disambiguate evidence within pagefile.sys by logically grouping blocks/pages into categories based on YARA rulesets of forensic artifacts that follow a pattern/convention.
  • Identify page files that contain remanants of popular cleartext protocols such as HTTP/FTP, etc to identify network activities.
  • Identify potential attacker activities based on popular command syntaxes used during internal propagations.
  • Identify evidence of active malware infections based on YARA signatures for known malware.
  • Isolate page files that contain signatures/magic values for popular file formats for more precise file carving.

Learn more about the tool at GitHub.

Load More Related Articles
Load More In Software

One Comment

  1. cbd oil

    March 30, 2020 at 3:49 am

    This design is spectacular! You most certainly
    know how to keep a reader entertained. Between your wit and your videos,
    I was almost moved to start my own blog (well, almost…HaHa!) Great
    job. I really enjoyed what you had to say, and more than that, how you presented it.
    Too cool!

Leave a Reply to Howarddrymn Cancel reply

Your email address will not be published.