Collaborate Disseminate
Recently someone had asked on a mailing list about how to extract the registry value names that were created by a particular piece of malware. The issue was a NULL (0x0) character at the beginning of the registry value name, which prevented regedit fr… Continue reading Registry Value Names Starting with NULL Characters
Recently someone had asked on a mailing list about how to extract the registry value names that were created by a particular piece of malware. The issue was a NULL (0x0) character at the beginning of the registry value name, which prevented regedit fr… Continue reading Registry Value Names Starting with NULL Characters
We are pleased to announce the first public offering of the Windows Memory Forensics for Analysts training course. This is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons… Continue reading Windows Memory Forensics Training for Analysts by Volatility Developers
We are pleased to announce the first public offering of the Windows Memory Forensics for Analysts training course. This is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons… Continue reading Windows Memory Forensics Training for Analysts by Volatility Developers
I know I haven’t written much in the last few months; I’ve been busy. Even though I’m writing a blogpost today it’s still going to be pretty short… this is because most of what I have to say has already been written up in documentation ahead of time… Continue reading Differential EnScript
I know I haven’t written much in the last few months; I’ve been busy. Even though I’m writing a blogpost today it’s still going to be pretty short… this is because most of what I have to say has already been written up in documentation ahead of time… Continue reading Differential EnScript