Automating Large-Scale Memory Forensics
Henrik Johansen has published a post about how to automate memory forensics process as much as possible. He starts from the …
Taking Hunting to the Next Level: Hunting in Memory
The vast majority of threat hunting takes place on easily visible and accessible system artifacts. These include log entries…
Investigating Malware Using Registry Forensics
Here is Jason Hale’s talk from Louisville Infosec 2017 titled “Investigating Malware Using Registry Forensi…
FLARE-On Challenge is Coming Very Soon
The fourth challenge by the FireEye Labs Advanced Reverse Engineering (FLARE) team will be started in 10 hours. Don’t …
Windows Memory Analysis
As a continuation of the “Introduction to Memory Forensics” video, Richard Davis will show you how to use Volatility to anal…
Deep Analysis of New Poison Ivy Variant
Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread t…
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
Scanning Memory with Yara
Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning t…
Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks
Memory forensics is now a standard component of digital forensic investigations and incident response handling, since memory…
FLARE VM – a fully customizable, Windows-based security distribution for malware analysis
FLARE VM is a fully customizable, Windows-based security distribution for malware analysis, incident response, penetration t…
