Collaborate Disseminate
What is the simplest or most common method to read a value, for example a text, from the RAM of a personal computer?
What access requirements are necessary for this? Is a search in a hex dump always required or are there shorter ways?
Good article about the current state of cryptocurrency forensics.
Continue reading Tracking Stolen Cryptocurrencies
I want to analyze the traces of a program in my VM by executing it and then capturing the memory and disk using FTK Imager.
However, it looks like –given the environment I have– the program only runs for a couple seconds, and –since the… Continue reading "Intercepting" executable with FTK Imager
while debugging some strange effects in my home network (bad video call quality due to packet loss) I found out this only happens when my RBPI is connected to the network. When I wanted to log in I discovered that the default password was … Continue reading How to do forensics on RaspberryPi in home network?
How to find the source of infection of a virus that was deleted by an Antivirus?
Vice has an article about how data brokers sell access to the Internet backbone. This is netflow data. It’s useful for cybersecurity forensics, but can also be used for things like tracing VPN activity.
At a high level, netflow data creates a picture of traffic flow and volume across a network. It can show which server communicated with another, information that may ordinarily only be available to the server owner or the ISP carrying the traffic. Crucially, this data can be used for, among other things, tracking traffic through virtual private networks, which are used to mask where someone is connecting to a server from, and by extension, their approximate physical location…
I am wondering what the general steps are in retrospect for trying to find out how one ends up being hacked.
A couple of times I have had Linux servers that ended up being hacked. I noticed this in various ways. Last time just simply by se… Continue reading How to do a post-mortem after being hacked [closed]
Is there a way to spot the method which an attacker used to do all of the necessary credential dumping, or stealing/forging tickets/using pass-the-hash/ticket techniques, if we don’t have access to the DC security log files, but only from … Continue reading Identifying the method which an attacker used to harvest important account credentials, while the security logs are deleted
Suppose we have two voice samples, A and B, which are converted from the same person’s voice into different voices respectively by a voice changer. In addition, let us assume that the voice conversion causes severe loss of the original voi… Continue reading Can voice analysis be used to determine if voice samples converted in two different ways are from the same person?
I have a large drive and I only want to save unallocated space and metadata. blkls can copy unallocated space and ntfsclone can copy metadata but it omits timestamps and some other data. Is there another program that I can use to accomplis… Continue reading Dump all ntfs metadata and unallocated space