« May 2007 | Main | July 2007 »
Side notes
There's a new conference on the subject of digital forensics forming in Europe. The Digital Forensic Forum (DFF) will be held in Prague, Czech Republic, on November 26 and 27, 2007. The Call for Papers is still open until August 31, 2007.
Memory analysis
This brief post again provides you with a snippet to go into your magic(5). It allows file(1) to determine whether the page file contains a memory dump. We will then use this information in order to to extract the memory dump from a pagefile.sys.
Memory analysis
I've created a cheat sheet in order to accompany the tutorial held at the FIRST Conference 2007. On four pages it lists the most frequently used commands of Microsoft's Debugger and some other memory analysis tools along with some structures and kernel variables. Get the cheat sheet here.
NT event log
A blog post by Harlan Carvey made me aware of some official documentation of the Event Log Header and EOF structures.
This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de
Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.