PoSh-R2 is a set of PowerShell scripts built on Windows Management Instrumentation (WMI), which investigators and forensic analysts can use to extract information from compromised (or potentially compromised) Windows systems. The scripts use WMI to extract this information from the operating system. Hence, this Read More …
Category: Blogs
Blog about things familiar to most people, from a non-standard point of view.
LinuxCheck: Linux information gathering tool
LinuxCheck is a small bash script for collecting information, useful for emergency response on Debian and CentOS systems. Characteristics: LinuxCheck is a standalone script capable of collecting a large set of information: CPU TOP10, memory TOP10, CPU usage, boot time, hard disk information, user information, information from passwd Read More …
How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses the page file (pagefile.sys) to store memory blocks that do not currently fit into physical memory. This file is stored at %SystemDrive%\pagefile.sys; it is a hidden system file and cannot be read or accessed by any user, including Administrator, on a running system. This file Read More …
Analyzing compressed memory in Windows 10
Memory analysis in Windows 10 is very different from previous versions of Windows: a new feature, called memory compression, makes a forensic tool capable of reading compressed memory pages necessary. Memory compression in Windows 10 The latest Windows 10 releases enable the memory compression function, which Read More …
Problems and threats of biometric identification
In 2018 the law on biometric identification came into force in Russia. Banks are implementing biometric systems and collecting data for placement in the Unified Biometric System. Biometric identification gives citizens the opportunity to receive banking services remotely. This saves them from Read More …
Amcache and Shimcache in forensic analysis
Data from Amcache and Shimcache can provide a timeline of whether and which programs were executed, when each was first launched and when it was last modified.
Forensic Artifacts: proof of program execution on Windows systems
During forensic analysis of a Windows system, it is often important to understand when and how a specific process was started.
Mail hacking, or porn blackmail for $864
Fraudsters are becoming more sophisticated: porn blackmail is now trending, in which the user receives a message sent “on behalf of” their own mailbox with the following content: Hello! I’m a hacker who cracked your email and device a few months ago. You entered a password Read More …
A story about a computer with abnormally high electricity consumption at one enterprise…
An old friend calls me. He says: help! The server at work went crazy – it consumes so much electricity, and for a legal entity it is expensive… The sysadmin hasn't been able to figure it out for a long time; they even bought him new spare parts, and nothing helps. And from the side Read More …
Experiment: how to practically assess the degree of influence of television on your personality?
Hi all! Straight to the point. Surely many of us have heard or read that television, the Internet and so on somehow influence us. Surely someone has even taken tests like: “Find out how addicted you are to the Internet…” But Read More …