Collaborate Disseminate
I am about to make a forensic image (using dc3dd from OSFClone) of two laptops and in this specific case I’d like to startup using an bootable USB stick with OSFClone and image the disk to an external disk. The laptops (HP ProBooks) in thi… Continue reading Can I safely disable and re-enable Secure Boot when Bitlocker is used in order to make a Forensic Image?
I often have to analyze memories and I always use volatility. But for a while now I’ve been having some problems with the software and I was wondering if there are any viable alternatives to volatility to replace it.
I have two sticks of RAM in my computer that I would like to sell or donate. From what I understand some RAM is volatile, losing all its contents when power is gone for a few minutes, and some is non-volatile, retaining that information af… Continue reading Are the sticks of RAM in my desktop computer volatile? Is it safe to sell them?
Microsoft analyzed details of the SolarWinds attack:
Microsoft and FireEye only detected the Sunburst or Solorigate malware in December, but Crowdstrike reported this month that another related piece of malware, Sunspot, was deployed in September 2019… Continue reading More SolarWinds News
Assuming a given SSD supports TRIM, and is on a physical bus that supports sending that command, and the connected computer is running an OS that is aware of TRIM:
If the drive is formatted, or has had its files erased, will the data be un… Continue reading Data recovery from TRIMmed SSDs
Consider a scenario, where your AV / EDR software has to exclude paths of database files as suggested by vendors to avoid affecting performance or stability issues.
You want to review your database for integrity with the aim to make sure t… Continue reading What tools/checklists can help determine the presence of malicious code in a database? MS SQL specifically
I know a text can be unredacted but can pictures too? I have a picture I would love to unredact can that be done? Please and Thank you.
This article on forensicfocus.com says the following about Deterministic Read After TRIM (emphasis mine):
As a result, the data returned by SSD drives supporting DRAT as opposed to DZAT can be all zeroes or other words of data, or it coul… Continue reading What’s the DRAT word of my SSD?
This article on thomas-krenn.com states:
Because an ATA trim will be performed by NTFS with Windows 7 or when formatting using Ext4 from mke2fs 1.41.10 or XFS from xfsprogs 3.1.0, the secure erase procedure is no longer necessary […].
… Continue reading Does formatting an SSD securely delete all data?
Are there any ways to get information on who is sending certain emails from an anonymous email address?
Besides the obvious IP solution, would there be any alternative such as embedding some kind of script or something that reads some phon… Continue reading How to track anonymous email sender (alternatives to IP tracking) [duplicate]