Digital forensics is the process of identifying, preserving, extracting, analyzing and presenting data that has been processed electronically and stored on digital devices. This data, known as digital artifacts, can be found in computers and smartphones and may play a key role in Read More …
Tag: forensics
How to extract forensic artifacts from pagefile.sys?
Microsoft Windows uses a page file (pagefile.sys) to store memory blocks that do not currently fit into physical memory. This file is stored at %SystemDrive%\pagefile.sys, is a hidden system file, and cannot be read or accessed by the user, including Administrator, on an active system. This file Read More …
Analyzing compressed memory in Windows 10
Memory analysis in Windows 10 is very different from previous versions of Windows: a new feature, called memory compression, makes it necessary to use a forensic tool capable of reading compressed memory pages. Memory compression in Windows 10: the latest Windows 10 releases enable the memory compression function, which Read More …
Forensic Artifacts: proof of program execution on Windows systems
During forensic analysis of a Windows system, it is often important to understand when and how a specific process was started.