Anybody getting into forensics knows it's like putting on a pair of glasses and seeing things in a whole new light. Part of being able to identify bad or evil is being able to identify normal. In my opinion, SANS did a pretty good job depicting some common things to
Month: May 2014
Building a profile for Volatility
After capturing Linux memory using LiME (or your program of choice), we can analyze it using Volatility. In order to do so, you will need to build a profile for Volatility to use. The profile is based on the kernel/version of the system in which the memory capture was done
Linux Memory Capture with LiME
When doing forensics, grabbing a capture of the live memory is vital. There are a few different programs out there to accomplish the task but in my testing, I felt LiME was the best choice. It wasn’t intrusive at all on the system and was pretty straightforward. Once I compiled