What I’m Reading - Robust bootstrapping memory analysis against anti forensics
Today we are talking about ‘Robust bootstrapping memory analysis against anti-forensics’ by Lee Kyoungho, Hwang Hyunuk, Kim Kibom and Noh BongNam. This paper...
Recent posts
[How To] Digital Forensic Memory Analysis - strings, grep and photorec
This week we will show how to use basic data processing tools strings, grep and photorec to start an analysis of a Random Access Memory (RAM) image, even if ...
What I’m Reading - A functional reference model of passive systems for tracing network traffic
What I’m Reading: Today we are talking about ‘A functional reference model of passive systems for tracing network traffic’ by Thomas E. Daniels. This paper d...
How To - Forensic Memory Acquisition in Linux with LiME
This week we will be using LiME to acquire a memory image in a suspect Linux system. LiME is a loadable kernel module that needs to be compiled based on the ...
[How To] Forensic Data Recovery in Linux - tsk_recover
This week we will talk about The Sleuth Kit, and specifically the tool tsk_recover. tsk_recover is a useful tool for allocated and unallocated file recovery....