Tag Archives: forensics

Solving GrrCon 2016 DFIR Challenge


It’s that time of year again and Wyatt Roersma has released the 2016 GrrCon DFIR Challenge. At the time of writing it’s still available to register and download the images from https://ir.e-corp.biz. Once again, as these are memory images, I am going to try to solve the challenge solely using VolUtility. Word of warning: I reveal all the answers :p For the…

VolUtility a web front end for the volatility framework.

Several months ago I finally managed to attend the SANS memory forensics course (FOR526), taught by the very knowledgeable @sibertor. The course covers memory structures and focuses on the two key frameworks for memory analysis, Volatility and Rekall. I’m not going to get into which is best; each has its uses and most times I will flip between…

I Hear you like Mount Points


tl;dr: Having just finished my SANS 508 course, I want to share a quick script to help mount partitions and disk images acquired as part of a forensic analysis. The SANS 508 is an Advanced Computer Forensics course and the majority of the course is examining disk images. The course uses E01 images of…