Knowing what is normal

ON SECURITY // By Susan Bradley // We still don’t have great tools to help us understand whether our computers have been attacked and, if so, what the attack did. A recent post in the forums reminded me of that. It’s true for both Windows and Mac PCs. For all the telemetry we don’t want, for all […]

Offline Memory Forensics With Volatility

Volatility is a memory forensics tool that can pull SAM hashes from a vmem file. These hashes can be used to escalate from a local user or no user to a domain user, leading to further compromise.

The post Offline Memory Forensics With Volatility appeared first on Black Hills Information Security, Inc..

WEBCAST: Windows Memory Forensics

John Strand // In the last webcast we covered initial Windows Live Forensics (see the recording here), in this one we play with memory from a compromised system. We cover the […]

The post WEBCAST: Windows Memory Forensics appeared first on Black Hills Information Security, Inc..

WEBCAST: Live Forensics & Memory Analysis

John Strand // So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of that system? What […]

The post WEBCAST: Live Forensics & Memory Analysis appeared first on Black Hills Information Security, Inc..
