One of the most useful things a local IT department can do when confronted with a security event is capture information. A fresh dataset, captured hours or days after an event, can be crucial for answering important questions at a later stage. Once captured in a standard manner, the digital footprints are “frozen” […]
One area where evidence handling shines on Linux is the ability to safely mount full disk images using loopback devices. This post explains how to mount the individual partitions within a read-only image and then access the different Virtual Shadow Copies (VSS) on NTFS partitions.
Moloch is a great network forensics tool created by the network team at AOL (https://molo.ch/). It captures and stores network traffic (as pcap files), then parses and indexes it into an Elasticsearch instance. This index is then exposed via a web interface. The system captures all data sent to the monitoring interface […]
Autopsy is a digital forensics platform and graphical interface to The Sleuth Kit and other forensic tools (https://www.sleuthkit.org/autopsy/).