Configuring the decryption of multiple disk images has long been a headache for computer forensics. In the past, examiners needed to specify the settings for each image, depending on the FDE vendor, in order to set up the password recovery …
memory analysis
BlockQuery: Toward Forensically Sound Cryptocurrency Investigation
Tiffanie: Hi, my name is Tiffanie Edwards, and I’m gonna be presenting the paper “BlockQuery: Toward Forensically Sound Cryptocurrency Investigation”.
So this is a little bit of background on the authors of this paper. Tyler Thomas is a primary …
Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application
In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM.
Session Chair: We are now in the topic of memory forensics, and …
Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies
The company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions
Magnet Forensics announced the acquisition of the strategic IP assets of Comae Technologies, a cybersecurity firm that specializes in …
Duck Hunt: Memory Forensics of USB Attack Platforms
Matthew: Welcome to our presentation. I’m Matthew Piscitelli.
Tyler: And I’m Tyler Thomas.
Matthew: And we performed memory forensics on USB attack platforms. This work was supported by National Science Foundation Grant number 1921813. We looked at two USB …
Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets
Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015
While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no …
Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump
1. Introduction
The former way to acquire the Windows logon password of a user is to get an NTLM hash value through the Windows logon session and registry, then crack it. [Figure 1] shows the well-known ways to get an NTLM …
Digital forensics of the physical memory
First published September 2005
Mariusz Burdach
Warsaw, March 2005
last update: July 11, 2005
Abstract
This paper presents methods by which physical memory from a compromised machine can be analyzed. Through these methods, it is possible to extract useful …