Skip to main content

Tools and Links

SANS Tools

ericzimmerman youtube

https://www.eccouncil.org/cybersecurity/what-is-digital-forensics/


https://tryhackme.com/room/windowsforensics1

https://www.sans.org/blog/triage-collection-and-timeline-generation-with-kape/


https://www.kroll.com/en/insights/publications/cyber/case-studies/transatlantic-cyber-investigation-insider-threat-ransom-attempt 


KAPE

 

https://www.kroll.com/en/services/cyber-risk/incident-response-litigation-support/kroll-artifact-parser-extractor-kape


Introduction to Memory Forensics with Volatility 3 - YouTube

https://www.youtube.com/watch?v=lOTDevvqOq0


Labels:

Comments

Post a Comment

Popular posts from this blog

Chain of Custody – Digital Forensics

  Chain of Custody – Digital Forensics Chain of Custody refers to the logical sequence that records the sequence of custody, control, transfer, analysis and disposition of physical or electronic evidence in legal cases. Each step in the chain is essential as if broke, the evidence may be rendered inadmissible. Thus we can say that preserving the chain of custody is about following the correct and consistent procedure and hence ensuring the quality of evidence. The chain of custody in digital cyber forensics is also known as the paper trail or forensic link, or chronological documentation of the evidence. ·         Chain of custody indicates the collection, sequence of control, transfer and analysis. ·         It also documents details of each person who handled the evidence, date and time it was collected or transferred, and the purpose of the transfer. ·         It de...
Post a Comment
Read more

Part 1.2: Memory Analysis

  Part 1.2: Memory Analysis  Investigating Malware Using Memory Forensics   Memory forensics is a technique used in digital forensics that involves the analysis of a computer's volatile memory (RAM) to obtain information about running processes, open network connections, system configurations, and other valuable data. This technique is particularly useful in investigating malware, as malware often tries to hide its presence on a system, making it difficult to detect using traditional methods. When investigating malware using memory forensics, there are several steps to follow: 1.       Acquisition: The first step is to acquire the volatile memory from the infected system. This can be done using tools such as FTK Imager or Volatility. 2.       Analysis: Once the memory has been acquired, it is time to analyze it. This involves examining the memory for suspicious processes, network connections, and other indicato...
Post a Comment
Read more

Step1: Identification & Preparation

Step 1:Identification and preparation Identification involves recognizing and documenting potential digital evidence, which includes identifying devices, storage media, and files that may contain relevant information. This step often involves creating a forensic image of the storage media to preserve the data for analysis. Preparation involves ensuring that the digital evidence is collected and handled properly to maintain its integrity and admissibility in court. This includes using proper tools and techniques to collect and preserve the data, documenting the chain of custody, and ensuring that the evidence is not altered or destroyed during the collection process . Both identification and preparation are critical to the success of a digital forensic investigation, as they lay the foundation for the analysis and interpretation of the data. 1.  Identification &   Preparation : The first step is to identify the scope of the investigation and create a plan for the investi...
Post a Comment
Read more