DFRWS-EU 2022: The Future of Digital Forensics Is Now

An analog clock superimposed on a blue background showing hexadecimal code

Moving digital forensics forward in terms of methods and frameworks, as well as organizational and cross-cultural collaboration, was an overarching theme of this year’s European Union edition of the Digital Forensics Research Workshop (DFRWS). 

After 40 years, mainstays like file … Read more

Leveraging Intel DCI for Memory Forensics

A small circuit board is connected to a larger circuit board via cabling

Hello, and welcome to my DFRWS US 2021 talk about leveraging Intel DCI for memory forensics. My name is Tobias Latzo and I’m in the security research group of the Friedrich-Alexander University Erlangen-Nürnberg in Germany, which is led by Felix … Read more

JTAG-Based Memory Acquisition Framework

Multicolored cables connect small electronic boxes

Hello everyone. My name is Muhammad Haris Rais. I am a PhD student at SAFE lab – Security And Forensics Engineering lab at Virginia Commonwealth University.  The lab is led by Dr. Irfan Ahmed and is mostly focused around industrial … Read more

Is More Efficient, Accessible Memory Forensics Possible?

Christa: Memory forensics is a mainstay of incident response. Its relevance and necessity only growing with time, as encryption technology has become more integrated, especially in consumer devices. Yet memory forensics is neither intuitive nor simple.

Looking to change … Read more

Seance: Forensic Divination

Hi everybody, my name is Ryan Maggio. I am a recent graduate from the Louisiana State University and today I’m going to be presenting a project called Seance that was worked on by myself, Andrew Case, Aisha Ali-Gombe and Golden … Read more

Duck Hunt: Memory Forensics of USB Attack Platforms

Matthew: Welcome to our presentation. I’m Matthew Piscitelli.

Tyler: And I’m Tyler Thomas.

Matthew: And we performed memory forensics on USB attack platforms. This work was supported by National Science Foundation Grant number 1921813. We looked at two USB … Read more

How To Use AXIOM In Malware Investigations: Part I

Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations.

In part one of the segment we’re going to talk a … Read more

Memory Dump Formats

by Chirath De Alwis

As in other storage devices, volatile memory also has several formats. According to the acquisition method that is in use, the captured file format can be vary. According to (Ligh et al, 2018) the most commonly … Read more

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald

Abstract

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process … Read more

RAM Forensic Analysis

by Eliézer Pereira

1 Goal

The purpose of this article is show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well … Read more

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov

In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class Read more

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015

While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no Read more

Share to...