April 20, 2021

Cyber Forensicator


How To

Using Powerforensics for Windows LNK Analysis

In this post Lionel Faleiro shows how to use Powerforensics, a PowerShell framework created for hard drive forensic analysis by Jared Atkinson, for Windows LNK forensic analysis.

How to Remotely Dump Linux RAM

Here is a guide on how to remotely dump Linux RAM with LiMEaide, a Python application designed to remotely dump the RAM of a Linux client and create a Volatility profile for later analysis on your forensic workstation. The process includes six steps: make a remote connection with the specified client over SSH, transfer the necessary build files to the remote machine, build the …

Understanding Orphaned Files

Phill Moore has written a nice post on his new blog, ThinkDFIR. This post will help you understand what orphaned files are (if you don't know already).

Memory Acquisition and Virtual Secure Mode

Jason Hale has published a post about the impact of VBS on memory acquisition. With Windows 10 and Server 2016, Microsoft added the option to enable various forms of virtualization-based security (VBS), such as Credential Guard, Device Guard, Application Guard, and more. In the post you will learn which tools to use to acquire memory when these features are enabled.

Finding the Serial Number of a Mac from Disk Image

Yogesh Khatri has published a very useful post in which he shows how to find the serial number of a Mac computer or laptop from a disk image. There are a few system databases that store this information and make it available to forensic investigators:

  • consolidated.db
  • cache_encryptedA.db
  • lockCache_encryptedA.db

You can find the locations of these databases in the original post.

Android Recovery Acquisitions with Magnet AXIOM

In this post Jamie McQuaid from Magnet Forensics shows how to create Android physical images via custom recovery with AXIOM, step by step. Flashing a recovery image to an Android device will work on a phone even if it has a passcode lock, bypassing it completely and allowing you to acquire a full physical image of the device.

How to Recover Event Logs from a Windows Memory Image

Another interesting article has been posted by Andrea Fortuna. This time he is writing about recovering event logs from a Windows memory image. The author uses two approaches, depending on the OS version: for Windows XP and 2003 he uses the evtlogs Volatility plugin; for other Windows versions he uses Willi Ballenthin’s EVTXtract.

Carving EVTX

Quentin Jerome from RawSec shared an article on carving Windows Event Logs in EVTX format. He gives a short overview of the EVTX file format, presents a carving pseudo-algorithm, and describes a series of experiments.

Mac RAM Imaging and Analysis

The BlackBag Training Team has published a post about Mac memory imaging and analysis. They start with different ways of capturing RAM: with the administrator’s password, and via reboot (yes, reboot) with MacQuisition. The team finishes the post with an analysis of the captured image in BlackLight.

Fuzzy Hashing with SSDEEP

In this video Joshua James uses SSDEEP to create fuzzy hashes of text and image files and to compare the similarity between files in a directory. Unlike conventional hashes, which only detect exact matches, SSDEEP hashes can be compared to measure how similar two files are at the binary level. It can be used to look for modified and original documents, or compare …

About Us

Cyber Forensicator is a web project by Igor Mikhaylov and Oleg Skulkin that aims to collect the most interesting and important cyber and digital forensics news, articles, presentations, and so on, in one place.

CyberForensicator.com © Copyright 2016-2021, All Rights Reserved