[How To] Installing and updating Linux in VirtualBox

Today we are going to install and update a Debian-based operating system in VirtualBox as a guest operating system.

The first video goes through creating a virtual machine in VirtualBox, and installing an operating system from an ISO disk image.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//-vVh550oaoI' frameborder='0' allowfullscreen></iframe></div></div>

The next video uses apt-get to update the software in the system, as well as ifconfig and ping to check if the network is working.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//w97PciH_XSw' frameborder='0' allowfullscreen></iframe></div></div>
The final video shows how to install VirtualBox Guest Additions to enable additional features inside the guest operating system.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//tAElCds6tu8' frameborder='0' allowfullscreen></iframe></div></div>


[How To] Digital Forensic Memory Analysis - Volatility

This week we will begin with a very basic introduction to the memory analysis framework Volatility. We will use Volatility to collect information about a memory image, recover the processes that were running on the system at the time of acquisition, and try to find malicious processes within the memory image. We will cover Volatility in more depth in a later video.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//Cs0Gc3GtfZY' frameborder='0' allowfullscreen></iframe></div></div>


What I’m Reading: Robust bootstrapping memory analysis against anti-forensics

Today we are talking about ‘Robust bootstrapping memory analysis against anti-forensics’ by Lee Kyoungho, Hwang Hyunuk, Kim Kibom and Noh BongNam. This paper deals with anti-forensics techniques directed against memory analysis, and with using KiInitialPCR as a more tamper-resistant data structure for OS fingerprinting and process list extraction.

K. Lee, H. Hwang, K. Kim, and B. Noh, “Robust bootstrapping memory analysis against anti-forensics,” Digit. Investig., vol. 18, Supplement, pp. S23–S32, Aug. 2016.

Science Direct: http://www.sciencedirect.com/science/article/pii/S1742287616300408
DFRWS Archive: https://www.dfrws.org/file/712/download?token=sWs0HHYB
<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//MBjFTrhcusE' frameborder='0' allowfullscreen></iframe></div></div>

<iframe seamless="" src="https://bandcamp.com/EmbeddedPlayer/track=3508204421/size=large/bgcol=ffffff/linkcol=0687f5/tracklist=false/artwork=small/transparent=true/" style="border: 0; height: 120px; width: 100%;">WIR:E02 - Robust bootstrapping memory analysis against anti forensics by Joshua I. James</iframe>


[How To] Digital Forensic Memory Analysis - strings, grep and photorec

This week we will show how to use the basic data-processing tools strings, grep and photorec to start an analysis of a Random Access Memory (RAM) image, even if we currently know nothing about the image. These methods are extremely basic types of analysis, but they are also fast and can produce some interesting results.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//4XoidAheuJE' frameborder='0' allowfullscreen></iframe></div></div>


What I’m Reading: A functional reference model of passive systems for tracing network traffic

Today we are talking about ‘A functional reference model of passive systems for tracing network traffic’ by Thomas E. Daniels. This paper deals with tracing the origin of network traffic using passive methods.

T. E. Daniels, “A functional reference model of passive systems for tracing network traffic,” Digit. Investig., vol. 1, no. 1, pp. 69–81, Feb. 2004.

Link: http://www.sciencedirect.com/science/article/pii/S1742287603000045

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed/z-jthlQB6sE' frameborder='0' allowfullscreen></iframe></div></div>
Audio only:

<iframe seamless="" src="https://bandcamp.com/EmbeddedPlayer/track=2817486589/size=small/bgcol=ffffff/linkcol=0687f5/transparent=true/" style="border: 0; height: 42px; width: 100%;">WIR:E01 - A functional reference model of passive systems for tracing network traffic by Joshua James</iframe>


[How To] Forensic Memory Acquisition in Linux - LiME

This week we will be using LiME to acquire a memory image from a suspect Linux system. LiME is a loadable kernel module that needs to be compiled for the specific kernel and architecture of the suspect device. We show the basics of compiling it, and how to load the kernel object to copy out a raw memory image.

<div class="separator" style="clear: both; text-align: center;"><div class='embed-container'><iframe src='https://www.youtube.com/embed//_7Tq8dcmP0k' frameborder='0' allowfullscreen></iframe></div></div>
