memory forensics Archives - Forensic Focus

Robert Jan Mora, Principal Threat Investigator, Volexity

8th April 2024

FF: Tell us about your background and how you ended up as a Principal Threat Investigator at Volexity? That is an exciting story to tell, I guess. My background is that I started my career in law enforcement in the… Read more

The Trojan solved the Bhima Koregaon case!

20th January 2023

By RJM How proper file, malware, and memory forensics techniques were able to catch the ModifiedElephant threat actor planting incriminating evidence on defendants’ computers in India. Disclaimer: The views, methods, and opinions expressed at Anchored Narratives are the author’s and… Read more

The Wisdom of the Heap: Mesh It up by Weaving Data Structures

26th July 2022

In this short presentation, Trufflepig Forensics’ Aaron Hartel and Christian Müller present some early stage research about the volatility of data in memory as data structures change version to version. Session Chair: We’re now going over to memory forensics and… Read more

Memory Forensic Analysis of a Programmable Logic Controller in Industrial Control Systems

19th July 2022

Winner of the Best Student Paper Award at DFRWS-EU 2022! Muhammad Haris Rais describes a step-wise approach to analyze the memory of specific PLCs, and subsequently find a generic framework applicable to all PLCs. By following a methodology that focused… Read more

PEM: Remote Forensic Acquisition of PLC Memory in Industrial Control Systems

14th July 202214th July 2022

Winner of the Best Paper Award at DFRWS-EU 2022, Nauman Zubair proposes a new memory acquisition framework to remotely acquire a programmable logic controller (PLC)’s volatile memory while the PLC is controlling a physical process. Session Chair: Welcome Nauman, happy… Read more

Defining Atomicity (and Integrity) for Snapshots of Storage in Forensic Computing

12th July 2022

In this video from DFRWS-EU 2022, Jenny Ottmann revisits the discussion on quality criteria for “forensically sound” acquisition of such storage and proposes a new way to capture the intent to acquire an instantaneous snapshot from a single target system;… Read more

Extraction and Analysis of Retrievable Memory Artifacts From Windows Telegram Desktop Application

8th July 2022

In this video from DFRWS-EU 2022, Pedro Fernandez-Alvarez describes research focused on the Telegram Desktop client, in particular the client process contents in a Windows system’s RAM. Session Chair: We are now in the topic of memory forensics, and we… Read more

Magnet Forensics Acquires Cybersecurity Software Firm Comae Technologies

6th May 2022

The company will continue the development of Comae’s memory analysis platform and seek to incorporate its capabilities into existing solutions Magnet Forensics announced the acquisition of the strategic IP assets of Comae Technologies, a cybersecurity firm that specializes in incident… Read more

DFRWS-EU 2022: The Future of Digital Forensics Is Now

25th April 2022

An analog clock superimposed on a blue background showing hexadecimal code

Moving digital forensics forward in terms of methods and frameworks, as well as organizational and cross-cultural collaboration, was an overarching theme of this year’s European Union edition of the Digital Forensics Research Workshop (DFRWS). After 40 years, mainstays like file… Read more

Leveraging Intel DCI for Memory Forensics

22nd March 2022

A small circuit board is connected to a larger circuit board via cabling

Hello, and welcome to my DFRWS US 2021 talk about leveraging Intel DCI for memory forensics. My name is Tobias Latzo and I’m in the security research group of the Friedrich-Alexander University Erlangen-Nürnberg in Germany, which is led by Felix… Read more

JTAG-Based Memory Acquisition Framework

4th February 2022

Multicolored cables connect small electronic boxes

Hello everyone. My name is Muhammad Haris Rais. I am a PhD student at SAFE lab – Security And Forensics Engineering lab at Virginia Commonwealth University. The lab is led by Dr. Irfan Ahmed and is mostly focused around industrial… Read more

Is More Efficient, Accessible Memory Forensics Possible?

31st January 2022

Christa: Memory forensics is a mainstay of incident response. Its relevance and necessity only growing with time, as encryption technology has become more integrated, especially in consumer devices. Yet memory forensics is neither intuitive nor simple. Looking to change that… Read more

Seance: Forensic Divination

28th January 2022

Hi everybody, my name is Ryan Maggio. I am a recent graduate from the Louisiana State University and today I’m going to be presenting a project called Seance that was worked on by myself, Andrew Case, Aisha Ali-Gombe and Golden… Read more

Duck Hunt: Memory Forensics of USB Attack Platforms

7th January 2022

Matthew: Welcome to our presentation. I’m Matthew Piscitelli. Tyler: And I’m Tyler Thomas. Matthew: And we performed memory forensics on USB attack platforms. This work was supported by National Science Foundation Grant number 1921813. We looked at two USB attack… Read more

Research Roundup: New Tools And Techniques And Ensuring Their Quality

7th July 2021

The month of May saw a robust, diverse set of academic papers published. Tools and techniques are as present as ever — focusing that month on Windows 10 and mobile malware — but so are discussions about how to ensure… Read more

How To Use AXIOM In Malware Investigations: Part I

14th May 202011th November 2019

Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations. In part one of the segment we’re going to talk a… Read more