How To Use AXIOM In Malware Investigations: Part I

Hey everyone, Tara Nelson here with Magnet Forensics. Today I’m going to give a little bit of insight into how AXIOM can help with some of your day-to-day investigations.

In part one of the segment we’re going to talk a …

Memory Dump Formats

by Chirath De Alwis

As with other storage devices, volatile memory also comes in several formats. Depending on the acquisition method in use, the captured file format can vary. According to Ligh et al. (2018), the most commonly …

Linux Memory Forensics: Dissecting the User Space Process Heap

by Frank Block and Andreas Dewald

Abstract

The analysis of memory during a forensic investigation is often an important step to reconstruct events. While prior work in this field has mostly concentrated on information residing in the kernel space (process …

RAM Forensic Analysis

by Eliézer Pereira

1 Goal

The purpose of this article is to show how to perform a RAM memory forensic analysis, presenting some examples of information that can be retrieved and analyzed to help identify indications of security incidents as well …

Acquiring Windows PCs

by Oleg Afonin, Danil Nikolaev and Yuri Gubanov

In our previous article, we talked about acquiring tablets running Windows 8 and 8.1. In this publication, we will talk about the acquisition of Windows computers – desktops and laptops. This class …

Capturing RAM Dumps and Imaging eMMC Storage on Windows Tablets

Oleg Afonin, Danil Nikolaev, Yuri Gubanov
© Belkasoft Research 2015

While Windows desktops and laptops are relatively easy to acquire, the same cannot be said about portable Windows devices such as tablets and convertibles (devices with detachable keyboards). Having no …

The Importance of Memory Search and Analysis

First published October 2009

by Access Data
www.accessdata.com

Introduction

Historically, criminal or corporate investigations involving computer equipment began by immediately disconnecting any compromised machines from the network, powering them down, and securing them in a proper environment where they would …