int for(ensic){blog;}

There's a new conference on the subject of digital forensics forming in Europe. The Digital Forensic Forum (DFF) will be held in Prague, Czech Republic, on November 26 and 27, 2007. The Call for Papers is still open until August 31, 2007.

By Andreas Schuster at 06/29/2007, 01:00 PM | Permalink

This brief post again provides you with a snippet to go into your magic(5). It allows file(1) to determine whether the page file contains a memory dump. We will then use this information in order to to extract the memory dump from a pagefile.sys.

By Andreas Schuster at 06/28/2007, 04:00 PM | Permalink

I've created a cheat sheet in order to accompany the tutorial held at the FIRST Conference 2007. On four pages it lists the most frequently used commands of Microsoft's Debugger and some other memory analysis tools along with some structures and kernel variables. Get the cheat sheet here.

By Andreas Schuster at 06/27/2007, 04:00 PM | Permalink

A blog post by Harlan Carvey made me aware of some official documentation of the Event Log Header and EOF structures.

By Andreas Schuster at 06/15/2007, 07:10 PM | Permalink