Imaginary C2: Malware Network Behavior Analysis Tool
Imaginary C2 is a python tool which aims to help in the behavioral (network) analysis of malware. Imaginary C2 hosts a HTTP …
Persistence Mechanisms
As a continuation of the “Introduction to Windows Forensics” series by Richard Davis, this episode looks at pers…
Defcon DFIR CTF 2018 Open to the Public
David Cowen has posted Defcon DFIR CTF 2018 images and questions at his blog. It’s time to download them and have a go…
POSH-Triage
Mike Cary has written a PowerShell script that automates the use of Eric Zimmerman’s cmd line tools (https://ericzimme…
Magnet User Summit CTF: Intrusion
So, we decided to finish our write-up today. The forth part – the most interesting part. Intrusion! Again, no more AXI…
Magnet User Summit CTF: Exfiltration
Hope you are having a great Sunday, and we are continuing our write-up. No more AXIOM, by the way! You wanted open source to…
Magnet User Summit CTF: Misc
We are continuing our write-up. The second part will walk you through the solution of the second set of CTF problems –…
RDP Event Log Forensics
As a continuation of the “Introduction to Windows Forensics” series, this episode takes a comprehensive look at …
DFIR Summit & Training 2018
SANS Institute has published the presentations from DFIR Summit & Training 2018. You can find all of them here. …
Windows Phone Physical Imaging Without JTAG and Chip-off
Windows Phones are not frequent guests of our digital forensic lab, especially now, as Microsoft stopped developing the plat…
