Collaborate Disseminate
I am new to memory forensics. When a process in Windows is ended are all artifacts for the process in memory gone? I ask because my EDR solution gives me the local process ID of a process I am trying to look at. I obtain a full memory a… Continue reading Memory Forensics on exited process
I am making a series of python scripts for data overwriting. My current prototype creates a series of large files and simply fills the memory (using a different system for additional overwrites). Is there an advantage to overwriting the en… Continue reading File based background data eraser
Are memory forensic tools useful for attack detection? Usually they are applied after an attack has happened. You could always constantly scan a machine but this requires lots of resources and depending on how often you scan leaves a windo… Continue reading How useful are memory forensic tools for detecting active attacks (considering current devices)
My mistakenly without getting a backup installed a new windows on it and actually I have formatted the disk during windows installation as well, is there a live bootable tool to recover my files in my laptop disk?
I have a SSD and wanted to use VeraCrypt for plausible deniability and protection against any & all level attacks e.g. state sponsored, non sponsored. My goal was to use a VM and place it in the hidden VC container. After further resea… Continue reading Veracrypt SSD encryption security analysis vs HDD
I came across the base64 code and performed a base64 to image and perform exiftool of that image and found out that there is some encoding in the image which is Baseline DCT, Huffman coding
I used the base64 code below and decode to image… Continue reading Huffman Coding Image Decode to get hidden data [closed]
I’m running a forensic artifact analysis on a MacBook Pro, running Big Sur, but the .fseventsd folder is not present on one of the 3 user accounts/folders available on the machine, even among hidden folders/files. How would the user disabl… Continue reading .FSeventsd Missing From User Profile on Big Sur [closed]
I’m running a forensic artifact analysis on a MacBook Pro, running Big Sur, but the .fsevents file is not present at all, even among hidden files. How would the user disable the generation of this file and is there any way to re-enable it… Continue reading FSEvents not present on macOS Big Sur [migrated]
I got my fingers seriously burnt with some garbage bought online, which was a USB-3.0 to VGA cable. It contained a driver that requested an install, that led to my computer being unstable and a few other things. Malware was not verified bu… Continue reading how to check a device (mouse, USB-VGA, USB-HDMI) contains no malware [duplicate]
Is there a standard procedure when it comes to preserving evidence of a crime committed on a website of a third party?
Let’s assume that a crime was committed on a website I visit, like defamation. Other than using the Wayback Machine or b… Continue reading Preserving crime evidence from a website I do not own