SANS Investigate Forensic Toolkit (SIFT) Workstation YouTube Series
Ok, so I decided to start a video series that is going to cover SANS Investigate Forensic Toolkit (SIFT) Workstation and the tools contained within the SIFT Kit. So I am going to sort of shift focus...
SIFT Workstation: Video 3 – Mount Disk Image via Command Line
Welcome back for our third video. In this video I show you how to use a couple different commands to mount a disk image that we created in video two. Some of the commands I show you how to use are:...
SIFT Workstation: Video 4 – Extracting $MFT using mmls, icat, and log2timeline
Hey all, welcome back for video four. In this video I show you how to extract the $MFT from an image I took of a Windows 7 x64 machine that I compromised within my lab. In this video I use mmls to find...
Malware Analysis with SIFT and Volatility
Hey all, I decided to go ahead and do a written blog post for this one. This is the first time I have looked into Malware analysis, but I figured why not. It was too cold here in Korea to do anything...
SIFT Workstation: Video 5 – Gmail Passwords inside Memory Dumps
Ok, so the blog post before this one got me thinking about whether or not I could extract email passwords out of a memory dump by using strings. I assumed it was possible so I set off and gave it a...
Zeus v2 Malware Analysis – Part I
So I’m new to this whole malware thing, but it’s pretty damn fun. I’ve been reading more and more about it over the past couple months. In either case I want to learn more about malware analysis (in...
The Sleuth Kit Part 5 – Recover files with tsk_recover and icat
Welcome to Part 5. Here I will quickly go over recovering some files with tsk_recover and icat. So let’s get started. I first needed a “clean” image to work with. I figured that reusing an old USB...
IETab File System Analysis – Part III
So here we are with Part III. If you haven’t already checked out Part I and Part II you should. I feel that I have been doing more “malware analysis” lately, and not enough “traditional forensics”, so...
Forensics in the Amazon Cloud – EC2
Businesses of all sizes seem to be moving at least some operations to the cloud. It’s only a matter of time before you get a phone call asking you to conduct some kind of cloud forensics and/or...