I'm also a student in Digital Forensics and Cyber security.
Your videos helped me with deciding what Final Year Project to choose.
Very well laid-out explanations of complex things. Your videos are amazing - all of them. Time well spent. Thank you
Thank you so much for your videos. I've been going through them like crazy. I'm a student in Digital forensics but I want to move more towards IR and your videos are excellent for that.
I'm having trouble with my volatility :( It doesn't seem to accept the baseline plugin :(
What kind of error do you receive when you try?
@13Cubed I think it was the code itself? It doesn't seem to accept the inputs properly
Really cool! Thanks!
Thanks for the video...
thank you for your videos
Hi Richard, I've watched both series, Windows and memory forensics, and I have practiced memory forensics enough by analyzing different malware. Now I'm forensicating my own laptop. One thing is irritating me: why doesn't the driverbl plugin return anything? The output is always null. I've installed Magnet RAM Capture today just to try it; through the modules plugin I found that it loads the driver from the following directory, C:\Users\Muhammad Noman\Downloads\MRCFA2D.tmp, and it is not found in the clean image that I had taken a while back. Driverbl didn't notify me about that kernel loaded module. Why?
That series of plug-ins has not been updated in quite a while and I have seen issues with newer builds of Windows 10. Step back to an older version of Windows, like 7, and see if you have different results.
@13Cubed But I'm getting results for servicebl and processbl. Thanks for the reply Sir.
Muhammad Noman Yes, it's driverbl that doesn't return results.
I really wanna try this but I don't have a SIFT workstation, and I have tried to download it from SANS with my account; it didn't work, got some error. Any help? Cuz I really wanna download that img. Anyhow, currently I have Windows SIFT, acquired it during my FOR500 course.
You can install SIFT on top of an existing Ubuntu installation. Check this out: github.com/teamdfir/sift-cli
intro is super loud relative to the content, be careful if wearing headphones
Yeah sorry about that -- much better/different in newer episodes.
Can you please comment the link for images?
The memory images used here are not publicly available. However, the "Pulling Threads" episode within this series (ua-cam.com/video/gxA2gjCQs-o/v-deo.html) does have a memory sample you can download and use to follow along (you'll find the link in that episode's description).