Triage Image Creation
This episode of “Introduction to Windows Forensics” covers triage image creation. Richard Davis uses FTK Imager …
Malcom: Malware Communication Analyzer
Malcom is a tool designed to analyze a system’s network communication using graphical representations of network traff…
Cobalt Strike Remote Threads Detection
Olaf Hartong has writted a blog post in which he shows how to use âCreate Remote Threadâ events to detect process injection …
PasteHunter
PasteHunter is a Python3 application that is designed to query a collection of sites that host publicliy pasted data. For al…
Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
A Planned Methodology for Forensically Sound IR in Office 365
A planned methodology for developing and implementing a forensically sound incident response plan in Microsoftâs Office 365 …
The Little Handbook of Windows Forensics
Andrea Fortunan has released his “The Little Handbook of Windows Forensics”. Here is the description from the au…
Robust Use of PsExec That Doesnât Reveal Password Hashes
Brian Carrier and Chris Ray have found a way how to run PsExec and not reveal admin password hash. Check this blog post to l…
DEFT X Virtual Appliance is Available for Downloading
The latest version of the system dedicated to forensic analysis and incident management, DEFT X, is released and available f…
$SignaturesAreDead = âLong Live RESILIENT Signatures”
Signatures are dead, or so weâre told. Itâs true that many items that are shared as Indicators of Compromise (file names/pat…
