by Oleg Skulkin Windows Prefetch files were introduced in Windows XP, and since that time they have helped digital forensics analysts and incident responders to find evidence of execution. These files are stored under %SystemRoot%\Prefetch, and are designed to speed up applications’ startup processes. If we look at any prefetch files, we can see that …
Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations. In part one of the segment we’re going to talk a little bit about malware investigations, in particular reviewing memory as part of AXIOM. Regardless of …
by Oleg Skulkin & Igor Mikhaylov The Metasploit Framework is not only very popular among pentesters, but is also quite often used by real adversaries. So why is memory forensics important here? Because Meterpreter, for example – an advanced, dynamically extensible Metasploit payload – resides entirely in memory and writes nothing to the victim’s drive. In …