Home Software Pagefile forensics: page_brute

Pagefile forensics: page_brute

0
0
1,061

page_brute.py is a digital forensic tool purposed to analyze and categorize individual paged memory frames from Windows Page Files by appying YARA-based signatures to fix-sized blocks of pagefile.sys.

This tool can be used to:

  • Disambiguate evidence within pagefile.sys by logically grouping blocks/pages into categories based on YARA rulesets of forensic artifacts that follow a pattern/convention.
  • Identify page files that contain remanants of popular cleartext protocols such as HTTP/FTP, etc to identify network activities.
  • Identify potential attacker activities based on popular command syntaxes used during internal propagations.
  • Identify evidence of active malware infections based on YARA signatures for known malware.
  • Isolate page files that contain signatures/magic values for popular file formats for more precise file carving.

Learn more about the tool at GitHub.

Load More Related Articles
  • Make Your Debian a Forensic Workstation

    If you are looking for a SIFT replacement and already have a Debian workstation, this pack…
  • Autopsy 4.6.0 Linux Beta 1

    The first beta Linux version of your favourite open source DFIR tool Autopsy. You can down…
  • Introducing USB Detective

    Jason Hale has presented his USB Detective tool in this post. USB Detective aims to ease t…
Load More In Software

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *