A Live Forensic Distribution Executing Malicious Code from a Suspect Drive
Maxim Suhanov has started a DFIR blog, and already submitted the first post – “A Live Forensic Distribution Exec…
Detecting Malicious PowerShell Commands using Deep Neural Networks
Microsoft’s PowerShell is a command-line shell and scripting language that is installed by default on Windows machines…
Fiddling with Flash Drive Forensics
Fiddling with Flash Drive Forensics – Alexander Klepal “””It always makes me nervous when you ask qu…
LiMEaide: Dump Linux Memory Remotely
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later a…
Memtriage: a tool for Windows memory live analysis
Memtriage allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to ac…
Secret Office 365 Activities API
This is a quick look at the recently revealed “activities” API within Office 365. This undocumented interface pr…
Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Exfiltration
Hope you are having a great Sunday, and we are continuing our write-up. No more AXIOM, by the way! You wanted open source to…
Magnet User Summit CTF: Misc
We are continuing our write-up. The second part will walk you through the solution of the second set of CTF problems –…
Magnet User Summit CTF: Anti-Forensics
Yesterday Troy Schnack and Kevin Pagano suggested on Twitter that it would be good to write how I solved Magnet User Summit …
