
Miscellaneous Windows 10 Forensic Artifacts

The other night I started looking through my PC for potential forensic artifacts for applications that I use. I was focusing on video game applications, but along the way I found some other interesting ones. Below I’ll show the artifacts for each application and explain how it could help in investigations.

Visual Studio Code

For […]


DFIR Scenario #1 Lone Wolf

Introduction

This fictional digital investigation scenario examines the disk image and memory of a person’s laptop that was seized. The suspect in question is believed to be planning a mass shooting attack. Our role as the forensic investigator is to find evidence that either supports or disproves this allegation.

Acquisition

The forensic examiner present during […]


Trojan.XMRig Analysis

Example.exe

- MD5 – 60d7e7d1522a81917dde26bb9b5f4260
- SHA256 – 9017dc9b43b1e8442dd4d423bec02820fde2a0efef05dc81926762e0ff8f263c

I took a quick look at Malshare today and saw this interesting file named example.exe and I decided to analyze it. Let’s start with some static analysis. On Malshare, it was reported to have a UPX Packer YARA hit. I took a look at it in […]
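The two first-pass checks quoted in this excerpt, recording the sample's MD5/SHA256 and confirming the UPX packer hit, can be reproduced locally before any sandbox run. The script below is an added example and is not code from the original post; it does not reproduce Malshare's YARA rule (which the excerpt does not quote) but tests the well-known UPX indicators instead: the "UPX!" magic string and the UPX0/UPX1/UPX2 section names in the PE section table. The `build_fake_pe` helper constructs a minimal PE-like blob purely so the example runs offline; it is not a real binary and the hashes it produces are not the ones listed above.

```python
"""Added example (not from the original post): first-pass static triage of a
sample, reproducing the checks named in the excerpt: hashing the file and
testing for UPX packing. UPX indicators checked are the "UPX!" magic string
and the UPX0/UPX1/UPX2 section names, not Malshare's own YARA rule."""
import hashlib
import struct

UPX_MAGIC = b"UPX!"
UPX_SECTIONS = (b"UPX0", b"UPX1", b"UPX2")


def hash_sample(data: bytes) -> dict:
    """Return MD5 and SHA256 hex digests, the identifiers the post records."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Walk the PE headers and return the section names (empty list if not PE)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_hdr_size  # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; name is the first 8
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if the UPX magic string or UPX section names are present."""
    if UPX_MAGIC in data:
        return True
    return any(name in UPX_SECTIONS for name in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE-like blob for offline demonstration (not a real binary).
    DOS stub with e_lfanew=0x40, a COFF header with no optional header, then
    one 40-byte section header per name."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(name.ljust(8, b"\0") + b"\0" * 32 for name in section_names)
    return dos + b"PE\0\0" + coff + sections


def triage(data: bytes) -> dict:
    """Combine the hash and packer checks into one triage record."""
    out = hash_sample(data)
    out["upx"] = looks_upx_packed(data)
    out["sections"] = [n.decode("ascii", "replace") for n in pe_section_names(data)]
    return out


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])  # constructed sample
    clean = build_fake_pe([b".text", b".data", b".rsrc"])  # constructed sample
    for label, blob in (("packed", packed), ("clean", clean)):
        print(label, triage(blob))
```

On a real sample, replace the constructed blob with `open(path, "rb").read()`; a UPX hit only means the visible strings and imports belong to the stub, so unpacking comes before any further static analysis.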
