Monthly Archives: August 2020

Digital Forensics and Incident Response

IntroductionDisclaimerArtifact locationsGet an object of forensic artifactsQuery object for relevant registry keys:Query object for relevant file paths:Windows Cheat SheetOrder of VolatilityMemory Files (Locked by OS during use)Binalyze IREC Evidence Collector (GUI or CommandLine)Belkasoft Live RAM CapturerRedlineMemoryzeComae DumpITMagnet Forensics (Mostly GUI)Volexity SurgeMicrosoft LiveKdWinpmemImaging Live MachinesFTK Imager (Cmd version, mostly GUI for …

Read More »