How To - Forensic Memory Acquisition in Linux with LiME
This week we will be using LiME to acquire a memory image in a suspect Linux system. LiME is a loadable kernel module that needs to be compiled based on the ...
Recent posts
[How To] Forensic Data Recovery in Linux - tsk_recover
This week we will talk about The Sleuth Kit, and specifically the tool tsk_recover. tsk_recover is a useful tool for allocated and unallocated file recovery....
No More Ransom - Detecting and unlocking ransomware without paying
Data is valuable. Ransomware takes advantage of the financial or sentimental value of our data, as well as the fact that most homes and organizations do not ...
[How To] Forensic Data Recovery in Windows - Photorec
This week we will show how to use Photorec to recover data form a suspect disk image. Photorec supports the recovery of many different file types, but we wil...
Warning to Forensic Investigators: USB KILLER
This single is informational for digital forensic investigators and first responders. Be aware of the ‘USB Killer’. Very basically, it’s a USB device that co...