SANS DFIR Webcast - Memory Forensics for Incident Response

Views: 54,432

SANS Digital Forensics and Incident Response

Comments: 11
@prince10000able 7 years ago
Really helpful, being a newbie with Memory Forensics. Thanks for the power-packed stuff!!
@roberts8134 8 years ago
Overall good, but the presenter is wrong about one thing. A false from ldrmodules in and of itself means nothing. To test, I installed a fresh Win7 from CD, no network cable, took an image, and still got a bunch of falses from ldrmodules. Now if ldrmodules can't ID the path, then worry.
@ImGeoX 6 years ago
Robert S You are correct that in this case the “false” listing is a false positive. This is because, if you notice in the mapped path, this is the process executable and that’s just how it is. The process executables won’t be in the InInit list. What we should be looking for here is irregular file paths, or no mapped paths at all. That would be suspicious.
@FaRaH_xi 8 months ago
Redline 25:00 Volatility 35:10
@ironman-dx5vz 8 years ago
Can you please guide me on how to view this type of pane in Mandiant Redline? Because when I open any triage for analysis, I am not able to see it in this view. This view looks cool with all the necessary details, especially investigative steps.
@salaheddinelouffidi 3 years ago
very good thank you