archives

malware forensics

This tag is associated with 3 posts

Hunting For Attackers’ Tactics And Techniques With Prefetch Files

by Oleg Skulkin Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution.  These files are stored under %SystemRoot%\Prefetch, and are designed to speed up applications’ startup processes. If we look at any prefetch files, we can see that … Continue reading

How To Use AXIOM In Malware Investigations: Part I

Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations. In part one of the segment we’re going to talk a little bit about malware investigations, in particular reviewing memory as part of AXIOM. Regardless of … Continue reading

Finding Metasploit’s Meterpreter Traces With Memory Forensics

by Oleg Skulkin & Igor Mikhaylov Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics important here? Because Meterpreter, for example – an advanced, dynamically extensible Metasploit payload – resides entirely in the memory and writes nothing to the victim’s drive. In … Continue reading

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 1,276 other followers