Search results

  1. B

    Volatility shows network connection PID but pslist doesn't

    Hello, I'm investigating a Windows memory dump and with connscan I find a web connection with a certain PID. However, when I issue pslist, pstree or psscan I can't seem to find that PID. Any clue about this? Where is that damn process? Thanks!
  2. B

    FMEM and DD segmentation fault

    Yes. I am running it directly as root
  3. B

    FMEM and DD segmentation fault

    Hi all, I am trying to acquire a live memory dump from an Ubuntu system. This is what I do: 1. Download fmem tool 2. Compile it with make and run ./sh 3. A /dev/fmem is created I know this is a special file and I have to specify the size for dd. However, I either end up with a small file or I...
  4. B

    Autopsy, windows image and no data

    Hello, @BIOS First of all, many thanks for your reply. Indeed I have found some filenames ending in "-slack", and I don't know what they mean (I have to do a deeper read of your links). I have opened my $MFT file with a hex viewer and I have searched for the name of the original file, with no...
  5. B

    Autopsy, windows image and no data

    Hello, I'm new to forensics and I'm performing some tests with Autopsy and a Windows dump image. It's a challenge. I am supposed to find relevant info. That's what I have found so far: - $Logfile, $MFT and orphaned files. - 2 JPG images. - 2 txt files with the same name. One of them deleted...
