Grep – What a beast!
When I had been given the better part of 8gb of logs recently and was playing with a trial licence of Splunk, I was between a rock and a hard place. I had a string to search for, but…
After days of going through pages of doco, running tests on terabytes of files, I finally made it all work. log2timeline.py myhost.plaso sourceimage.vmdk #myhost.plaso is going to be the output body file for psort. This creates the metadata and…
FTK Imager is a free tool from AccessData that has a few key functions: 1. Capture live memory and dump to a .mem file (to be used with Volatility/Rekall etc. later) 2. Create a custom content image from the file system.…
Ok, so we need to mount a raw image to be able to extract some files from it. Prior to doing this, we need to do a few things. Run the file command, to identify how many partitions are within…
One of the main challenges when using new tools is knowing what the output is going to look like once you’re done. Does it present itself in a visually appealing way, does it contain what you need, etc. As part…
Ok, I’m still awake, so I figured that sharing some basic Volatility syntax as the next post would be worthwhile. Memory forensics is a valuable way to acquire more evidence from the system. The sooner the acquisition occurs, the better.…