Skip to main content

Posts

Featured

Volatility Forensics Basics

 How to find  build version of the host machine via Forensic Image analysis of Volatility Navigate to the path where image file is present then type  /Directory/Path python3 /opt/volatilit y3/vol.py -f 'FILENAME' windows.info To Find all processes associated including suspicious and legit ones, python3 /opt/volatility3/vol.py -f 'Filename' windows.pslist This process seems to be a malicious one python3 /opt/volatility3/vol.py -f 'FILENAME' windows.pstree To Check associated artifacts such as browser user's agent we perform dump asgainst the parent process id  it writes entire dump on /tmp directory python3 /opt/volatility3/vol.py -f 'Investigation-1.vmem' -o /tmp/ windows.memmap.Memmap  --pid 1484 --dump  To check for keywords in strings use the following command strings /tmp/*.dmp | grep -i "user-agent"

Latest posts

Security Operations Center (S.O.C) Basic Fundamentals

QRadar SIEM Fundamental Notes

Methods to Find I.P Address