This Autopsy plugin by Rebecca Anderson won Autopsy Plugin Contest this year at Open Source Digital Forensics Conference (OSDFCon). It searches Virus Total for SHA1 hashes of executables from amcache. You can get the plugin here.
-
Looking at Microsoft Teams from a DFIR Perspective
David Cowen’s Sunday Funday is back, so why not to take part in this fun? Last Sunda… -
Forensic Walkthrough: QBot Infection
For some reason, there are not so many posts on forensic examination of hosts infected wit… -
SQM: New Evidence of Execution Source?
Forensicating one of compromised hosts during our recent incident response activities we h…
Load More Related Articles
-
Automated Hunting of Memory Resident Malware at Scale
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, imp… -
Autopsy 4.11.0 Released
The new version of Autopsy has been released. New Features: Adding Data: Hashes can option… -
Extract Configuration Data of Known Malware with MalConfScan
JPCERT has released a Volatility plugin called MalConfScan. The plugin can be used to extr…
Load More In Software
Comments are closed.
