memory analysis Archives - Forensic Focus

Passware Kit 2023 v1 – AxCrypt and Instant VeraCrypt Decryption

15th December 2022

Configuring the decryption of multiple disk images has long been a headache for computer forensics. In the past, they needed to specify the settings for each image, depending on the FDE vendor, in order to set up the password recovery … Read more

BlockQuery: Toward Forensically Sound Cryptocurrency Investigation

1st September 2022

Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”.

So this is a little bit of background on the authors of this paper. Tyler Thomas is a primary … Read more

Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application

8th July 2022

In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM.

Session Chair: We are now in the topic of memory forensics, and … Read more

Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies

6th May 2022

The company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions

Magnet Forensics announced the acquisition of the strategic IP assets of Comae Technologies, a cybersecurity firm that specializes in … Read more

Duck Hunt: Memory Forensics of USB Attack Platforms

7th January 2022

Matthew: Welcome to our presentation. I’m Matthew Piscitelli.

Tyler: And I’m Tyler Thomas.

Matthew: And we performed memory forensics on USB attack platforms. This work was supported by National Science Foundation Grant number 1921813. We looked at two USB … Read more

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

12th May 20201st May 2015

While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no … Read more

Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump

12th May 202028th April 2014

1. Introduction

The former way to acquire the Windows logon password of user is to get a NTML hash value through the Windows logon session and registry then crack it. [Figure 1] shows the well-known ways to get a NTML … Read more

Digital forensics of the physical memory

12th May 202010th July 2011

First published September 2005

Mariusz Burdach
[email protected]
Warsaw, March 2005
last update: July 11, 2005

Abstract

This paper presents methods by which physical memory from a compromised machine can be analyzed. Through this methods, it is possible to extract useful … Read more