Forensics

Resources

Articles

• A tcpdump Tutorial with Examples - Daniel Miessler, Unsupervised Learning

• Volatility Cheat Sheet - Carlos Polop, HackTricks

• Volatility, my own cheatsheet - Andrea Fortuna

  • Part 1: Image Identification

  • Part 2: Processes and DLLs

  • Part 3: Process Memory

  • Part 4: Kernel Memory and Objects

  • Part 5: Networking

  • Part 6: Windows Registry

  • Part 7: Analyze and convert crash dumps and hibernation files

  • Part 8: Filesystem

GitHub Repositories

• DFIR

• Digital Forensics Framework

• Linpmem - Linpmem is a linux memory acquisition tool

• MemLabs - Educational, CTF-styled labs for individuals interested in Memory Forensics

• WinPmem - The multi-platform memory acquisition tool.

Tools

• CAINE - GNU/Linux live distribution

• FTK Imager

• PALADIN - The World's Most Popular Linux Forensic Suite

• X-Ways Forensics - Integrated Computer Forensics Software

YouTube Videos

• Introduction to Memory Forensics with Volatility 3 - DFIRScience

• Memory Forensics Using the Volatility Framework - Professor K

• Memory Forensics with Volatility - Akamai Developer