Malware forensics field guide for Windows Systems

All good books deserve a reference and this one is one of them. Malware forensics field guide for Windows systems.   The book is very easy to read and mainly practical. It goes from describing the general IR process to advance subjects such as memory forensics, live and dead analysis of windows systems and malware…

Bypassing Perimeter Security and Malware Evasion (3)

This will be the final post in which I am presenting one of the many infection and evasion techniques used by criminals today. In this article which I hope is shorter than the previous ones, https://samuelalonsog.wordpress.com/2015/08/14/bypassing-perimeter-security-and-malware-evasion-1/ and https://samuelalonsog.wordpress.com/2015/08/24/bypassing-perimeter-security-and-malware-evasion-2/ I presume you are currently competent with pcap analysis and Wireshark as the main aim of this…

Reporting to management / evidence reconstruction and hypothesis

In this article I am covering the main points proved in the previous article, Network Forensics – Traffic Analysis (2) In order to report to management we will need to create a timeline that can be checked and that is supported by the evidence extracted from the pcap file. I am starting by a timeline…

Network Forensics – Traffic Analysis (2)

This post is a continuation of the previos post Network Forensics – Traffic Analysis (1). Scenario, Ann skips bail After being released on bail, Ann Dercover disappears! Fortunately, investigators were carefully monitoring her network activity before she skipped town. “We believe Ann may have communicated with her secret lover, Mr. X, before she left,” says…

Network Forensics – Traffic Analysis (1)

After some time researching I found some interesting network forensic challenges that I will like to discuss with you. The main purpose is to bring back and update my network analysis skills. There are different ways to reach the solution however as my background is Incident Response I always try to get results fast and…