Badly behaving scripts
As browser and operating system security have been improving, there has been a rise in conventional malware attacks relying …
Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, esp…
This episode of “Introduction to Windows Forensics” covers triage image creation. Richard Davis uses FTK Imager …
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traff…
Olaf Hartong has written a blog post in which he shows how to use “Create Remote Thread” events to detect process injection …
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicly pasted data. For al…
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
A planned methodology for developing and implementing a forensically sound incident response plan in Microsoft’s Office 365 …
Andrea Fortuna has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Brian Carrier and Chris Ray have found a way to run PsExec without revealing the admin password hash. Check this blog post to l…