Tag: forensics

Forensics

Forensics – Collecting Volatile Data

Under the principle of “order of Volatility”, you must first collect information that is classified as Volatile Data (the list of network connections, the list of running processes, log on sessions, and so on), which will be irretrievably lost in case the computer is powered off. This category includes the following data: 1.System uptime and …

Security

Artificial intelligence packet inspection engine

AIEngine is a next generation interactive/programmable Python/Ruby/Java packet inspection engine with capabilities of learning without any human intervention, NIDS(Network Intrusion Detection System) functionality, DNS domain classification, network collector, network forensics and many others. AIEngine also helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on. …

Antivirus, Debugging, Kernel

Debug user-mode processes using a kernel debugger

When a user-mode process deploys various userland anti-debugging tricks, you can use kernel debugging to attach to the process and debug it easier. > Create a Windows 8.1 Vmware machine. > Follow this guide to enable kernel debugging through pipes. > Run Windbg as administrator on your host machine. > Open File->Kernel Debug… (Ctrl+K) > …

Debugging, Kernel, Rootkits

Faster Windows Kernel debugging with Virtual Machines

VirtualKD is a tool that improves your kernel debugging performance with VMWare and VirtualBox. It seamlessly integrates with WinDbg and dramatically reduces debugging latency. Compatible with Windows 10 and VirtualBox 5.x. Features Significantly improves kernel debugging performance with VMWare and VirtualBox. Supports Windows XP to Windows 10, 32-bit and 64-bit. Fixes truncated Driver Verifier load …

Forensics, Malware Analysis, Reverse Engineering

Dump running Win32 process memory image

User Mode Process Dumper ver. 8.1 (userdump) dumps any running Win32 processes memory image (including system processes such as csrss.exe, winlogon.exe, services.exe, etc) on the fly, without attaching a debugger, or terminating target processes. Generated dump file can be analyzed or debugged by using the standard debugging tools. The userdump generates dump file by several …

Forensics

Computer Forensic Imaging Software

Forensic Imager is a Windows based program that will acquire, convert, or verify a forensic image in one of the following common forensic file formats: DD /RAW (Linux “Disk Dump”) AFF (Advanced Forensic Format) E01 (EnCase®) Forensic Image provides three separate functions: Acquire: The acquire option is used to take a forensic image (an exact …

Malware Analysis

FileAlyzer – Analyze files – Read PE information

FileAlyzer is a tool to analyze files – the name itself was initially just a typo of FileAnalyzer, but after a few days I decided to keep it. FileAlyzer allows a basic analysis of files (showing file properties and file contents in hex dump form) and is able to interpret common file contents like resources …

Malware Analysis

Read Portable Executable (PE) information

PEview provides a quick and easy way to view the structure and content of 32-bit Portable Executable (PE) and Component Object File Format (COFF) files. This PE/COFF file viewer displays header, section, directory, import table, export table, and resource information within EXE, DLL, OBJ, LIB, DBG, and other file types. Download from here.