Archive: March 2014

2014/03/30

Physical Memory Analysis – Bulk Extractor

by Destruct_Icon
Categories: Analysis, Host Forensics

Bulk Extractor: The second tool in our list for physical memory analysis is Bulk Extractor. Bulk Extractor scans a memory image and writes the strings it recognizes as features (email addresses, URLs and the like) into per-type text files, which then let you quickly search for keywords. Let's get started with the GUI. In order to run BE against a memory dump you will want[…]
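To make the "extract features into text files, then search them" workflow concrete, here is a small Python sketch of what Bulk Extractor does to a memory image. This is an added example, not code from the post or from the bulk_extractor project: the sample dump, the regexes and the function names are ours. What it borrows from the real tool are the output conventions, one text file per feature type (email.txt, url.txt, ...) with tab-separated offset, feature and surrounding context on each line. The real scanners go much further (UTF-16 and compressed regions, many more feature types, histogram files), so treat this as an illustration of the idea rather than a substitute.

```python
import re
from collections import defaultdict

# Constructed sample "memory dump" (not a real image): binary filler with a
# few ASCII artifacts embedded, as you would see in a raw physmem capture.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"MZ\x90\x00\x03\x00\x00\x00"                            # PE header fragment
    + b"user: alice@example.org logged in\x00\x00"             # a log line
    + b"\xff" * 8
    + b"GET http://evil.example.net/payload.bin HTTP/1.1\r\n"  # an HTTP request
    + b"\x00" * 12
    + b"Reply-To: bob@corp.example.com\n"                      # a mail header
    + b"\x00" * 5
)

# Two of bulk_extractor's feature types. The regexes are ours and are
# deliberately simple; the real scanners are far more thorough.
FEATURE_PATTERNS = {
    "email": re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(rb"https?://[A-Za-z0-9./_\-?=&%]+"),
}
CONTEXT_BYTES = 16  # bytes of surrounding context kept with each hit


def extract_features(dump: bytes) -> dict:
    """Scan the dump once per feature type.

    Returns {feature_type: [(offset, feature_bytes, context_bytes), ...]},
    ordered by offset within each type.
    """
    found = defaultdict(list)
    for ftype, pattern in FEATURE_PATTERNS.items():
        for m in pattern.finditer(dump):
            start, end = m.span()
            context = dump[max(0, start - CONTEXT_BYTES): end + CONTEXT_BYTES]
            found[ftype].append((start, m.group(0), context))
    return dict(found)


def _printable(data: bytes) -> str:
    """Render bytes for a text file, hex-escaping anything non-printable."""
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02X}" for b in data)


def feature_file_lines(features: dict) -> dict:
    """Format hits the way bulk_extractor's feature files do: one file per
    type (email.txt, url.txt, ...), each line offset<TAB>feature<TAB>context."""
    return {
        f"{ftype}.txt": [
            f"{offset}\t{_printable(feat)}\t{_printable(ctx)}"
            for offset, feat, ctx in hits
        ]
        for ftype, hits in features.items()
    }


def search_features(features: dict, keyword: str) -> list:
    """The 'quickly identify keywords' step: a case-insensitive search across
    every feature type, returning (feature_type, offset, feature) tuples."""
    needle = keyword.lower().encode()
    return [
        (ftype, offset, feat)
        for ftype, hits in features.items()
        for offset, feat, _ in hits
        if needle in feat.lower()
    ]


if __name__ == "__main__":
    feats = extract_features(SAMPLE_DUMP)
    for name, lines in feature_file_lines(feats).items():
        print(f"== {name} ==")
        print("\n".join(lines))
    print("keyword 'example.net' ->", search_features(feats, "example.net"))
```

The offsets in the first column are the point of the exercise: once a keyword hit is found in a feature file, the offset takes you straight back to that region of the dump in a hex editor or in Volatility, which is what makes the feature files a fast first pass before deeper analysis.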

2014/03/17

Tracer Fire 5 Series: Part 1.1 (Code Category)

by InterDimensional_Shambler
Categories: Analysis

Background: This is a continuation of the Tracer Fire 5 Series posts: http://malwerewolf.com/2014/03/tracer-fire-5-series-part-1-0-intro/ Tools used: Kahu Security's "Converter" (http://www.kahusecurity.com/tag/converter/) and your favorite hex editor (I use 010 Editor, McAfee's FileInsight, etc.). Code category: This might be a bit large for one post, but let's get started! Code1: Original puzzle: The answer for this page is[…]

2014/03/09

Physical Memory Analysis – Introduction and Foremost

by Destruct_Icon
Categories: Analysis, Host Forensics

Physical Memory Analysis: You could say there has been a boom in physmem (physical memory) analysis in the last few years. There are many tools out there to aid the analysis process, but if you are new to forensics, as we are, the question is, "Where do I start?" There are plenty of good write-ups about the tools themselves[…]

2014/03/07

Tracer Fire 5 Series: Part 1.0 (Intro)

by InterDimensional_Shambler
Categories: Analysis

Background: If you are not familiar with Los Alamos National Laboratories' "Tracer FIRE" events, there is an ample description here: http://csr.lanl.gov/tf/. Basically, it is a week-long event of infosec/IT puzzles and brain-busters, primarily focused on forensics, that cover (but are not limited to): Encryption / Encoding; Malware Analysis / Reverse Engineering / Deobfuscation; Host[…]
