Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Join our Telegram DFIR group!
Guys, we have created a Telegram group, where we will do our best to answer all your questions. We will be very happy if you…
LiMEaide: Dump Linux Memory Remotely
LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later a…
Linux Binary Poisoning Detection
In this post guys from Sandfly Security describe the process of detection poisoned Linux binaries. You will learn about the …
Detecting script-based attacks on Linux
In this post John Booth describes how to detect encoded or obfuscated command-lines used by attackers on Linus hosts. As you…
Simple Linux Forensics
Craig Rowland from Sandfly Security goes over simple tactics and techniques you can use to assess a Linux host for signs of …
XFS (Part 1) – The Superblock
Hal Pomeranz has started a series of blog posts about forensic analysis of XFS file system. XFS is becoming more common on L…
What is new in Belkasoft Evidence Center 9.0
In this video, Belkasoft discusses new features of Evidence Center version 9.0 such as new reporting, deduplication, PhotoDN…
Forensic 4:cast Awards 2018 – Voting is Open
Lee Whitfield has presented Forensic 4:cast Awards 2018 nominees. Oleg’s book – Windows Forensics Cookbook is no…
GVFS metadata: Shellbags for Linux
There are a number of techniques that the perpetrator of an offence may use to hide data. These techniques include storing d…
