Digital Forensics & Incident Response
Search…
Digital Forensics & Incident Response
Welcome
General Notes
S3FS Fuse and MinIO
Enable nested VT-X/AMD-V
mitm proxy
Exploring Volume Shadow Copies Manually
Resize VMDK/VDI
Resize VMDK on ESXi
Convert raw to vmdk
Favicon hashing and hunting with Shodan
WinRM/RemotePS
Windows Forensics
Security Patch/KB Install Date
Linux Forensics
Inspecting RPM/DEB packages
Common Locations
ESXi Forensics
Understanding ESXi
General Notes
Triage and Imaging
ESXi VMFS Exploration
Memory Forensics
Volatility
Acquisition
DumpIt
WinPMem
Linux / AVML
Incident Response
VirusTotal & hash lists
Unix-like Artifacts Collector (UAC)
Acquiring Linux VPS via SSH
AVML dump to SMB / AWS
China Chopper webshell
Logging Powershell activities
Compromised UniFi Controller
AnyDesk Remote Access
iOS Forensics
Checkm8 / checkra1n acquisitions/extractions
CTF / Challenges
DEFCON 2019 forensics
Tomcat shells
Magnet Weekly CTF
DFIR Madness CTF
Log Files
Windows
Malware Analysis
PDF Analysis
Walking the VAD tree
OpenCTI
What is CTI/OpenCTI?
Setting up OpenCTI
Container Management
Configure Connectors
Powered By
GitBook
Acquisition
Here are the articles in this section:
DumpIt
WinPMem
Linux / AVML
Previous
3rd Party Plugins
Next
DumpIt
Copy link