You just got another subscriber. Thank you so much for this video which will help me immensely with my BTL certification.
Still very useful these days. Thanks!
Great overview of Volatility & the plugins
Thank you, happy that the content helped you 👍
Love love love, please keep rolling out these videos. Thank you.
Thanks, I'm beginning to use Volatility and this helps a lot, thanks sir.
Hi,
First of all, I congratulate you for all your efforts in making videos and helping us understand cyber security better. It helped me in my career. I have seen many of your videos and currently I'm learning forensics and building our own environment in our organization. I have a few questions related to that; I hope you will answer those.
I use FTK Imager to take the Volatility image.
1. In your video I can see you are getting the profile and you choose a profile to load, but in my case I took a Volatility image of a Windows 10 64-bit system and I can see many profiles; I selected each and every profile which was listed, but none of the profiles was giving me results.
Can you please help me on this?
Is it that I am missing anything while collecting the memory image, or is there any other reason for that?
Your answer will help me to build my forensic environment.
Thank you for this very useful information. I have a question concerning the first command, pslist, that you explain: when you get the list of processes, why do you find reader_sl suspicious? What are the criteria that put you on the way? Thank you, you have one more subscriber ;-)
Thanks, now I have an idea what this does.
Excellent video. Thanks for all the info!
Great video!
Just loved your explanation. Keep up and please share more videos #DFIR
really well explained, thank you very much for this tutorial!
Wow, great tutorial, need more videos sir.
Thank you Jatin 👍
Please make a video series named CYBER CRIME INVESTIGATION with FORENSICS : Real Case Scenarios and Techniques to Solve Case :) Your videos are very nice sir.
Thank you for the valuable suggestions, I am actually trying to help analysts with real-life investigations. Awesome tip 👍👍
Thank you for this detailed valuable information. And thanks for your help. I just subscribed!
Great tutorial, thank you for making this. 👍
My pleasure!
Hello sir, this video is very much useful. I need your help in preparing a standard operating procedure for live volatile memory analysis. Could you please share the template for the same?
This is really good 👍
Excellent video you should make a Udemy course
Thank you for the suggestion.
Do you have any idea how to do memory forensics for routers?
Great, and what is the name of the tool that you were using for executing commands?
CMDER - Console Emulator
cmder.net
Tools used and the download link are available in the description.
Thanks
This is a great channel that I have come across. To make Cyber Security Analyst life easier do you provide any type of coaching (online) ? If yes then please do let me know. I would be happy to join you and share your knowledge. Since this is the latest video in the channel I hope you read and revert back :)
Hi Abhinav, thank you for the feedback. My main goal for this channel is to help cyber security analysts like us, and anyone who wishes to enter this field. I have some plans to take this forward. Will share with you all in a future video.
@HackeXPlorer I'm currently working as a Cyber Security Analyst. Your video helped me to a great extent. When can I expect a video about the coaching details?
Hello sir. Make a demo of how fmem works too.
Sure Frank, thank you for the suggestion 👍
Hi, I have a question. When you put in the command pstree, how do you know there is something wrong with explorer.exe and the file under it?
Many of the tutorials that I watched didn't really explain how they detected which file is suspicious, so it confuses me.
I cannot open it. Error: The requested file doesn't exist. Please help me.
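The question above is about what makes a pstree entry worth a second look. As an added example (not code from the video, from the commenter, or from Volatility), the Python below applies three common sanity checks to a pstree-style process list: a core Windows process with a parent it should never have, more than one copy of a process that exists exactly once, and a command shell launched by something other than the usual launchers. The process list is constructed sample data, and the expected-parent table and the set of "trusted" shell launchers are assumptions for illustration; a real investigation would also compare image paths, session IDs and start times.

```python
"""Sanity checks over a pstree-style process list.

Added example, not code from the video or its author. SAMPLE_PROCESSES is
constructed data; EXPECTED_PARENT, SINGLE_INSTANCE and TRUSTED_SHELL_PARENTS
encode the usual Windows process lineage and are assumptions for illustration.
"""
from collections import Counter

# Constructed sample: (pid, ppid, name), roughly what pstree prints.
SAMPLE_PROCESSES = [
    (4, 0, "System"),
    (328, 4, "smss.exe"),
    (412, 328, "csrss.exe"),
    (460, 328, "wininit.exe"),
    (556, 460, "services.exe"),
    (564, 460, "lsass.exe"),
    (700, 556, "svchost.exe"),
    (1200, 1180, "explorer.exe"),   # parent 1180 (userinit.exe) already exited: normal
    (1640, 1200, "reader_sl.exe"),  # a user-level process under explorer.exe
    (1700, 1640, "cmd.exe"),        # a shell started by that user-level process
    (1900, 1640, "lsass.exe"),      # second lsass.exe, and not under wininit.exe
]

# Expected parent names for core system processes (assumption: typical Windows defaults).
EXPECTED_PARENT = {
    "smss.exe": {"system"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}
SINGLE_INSTANCE = {"wininit.exe", "services.exe", "lsass.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
# Launchers from which a shell is unremarkable (assumption for the sample).
TRUSTED_SHELL_PARENTS = {"explorer.exe", "services.exe", "svchost.exe"}


def find_suspicious(processes):
    """Return a list of (pid, name, reason) tuples that deserve a closer look."""
    by_pid = {pid: (ppid, name) for pid, ppid, name in processes}
    counts = Counter(name.lower() for _, _, name in processes)
    findings = []
    for pid, ppid, name in processes:
        lname = name.lower()
        parent = by_pid.get(ppid)
        parent_name = parent[1].lower() if parent else None

        # 1. A core system process whose parent is present but not the one Windows uses.
        #    A missing parent (already exited) is normal for explorer.exe and csrss.exe,
        #    so only a wrong *existing* parent is flagged.
        if (lname in EXPECTED_PARENT and parent_name is not None
                and parent_name not in EXPECTED_PARENT[lname]):
            findings.append((pid, name, f"unexpected parent {parent_name}"))

        # 2. More than one copy of a process that should exist exactly once.
        if lname in SINGLE_INSTANCE and counts[lname] > 1:
            findings.append((pid, name,
                             f"{counts[lname]} instances of a single-instance process"))

        # 3. A command shell whose parent is not one of the usual launchers.
        if lname in SHELLS and parent_name not in TRUSTED_SHELL_PARENTS:
            findings.append((pid, name, f"shell spawned by {parent_name}"))
    return findings


if __name__ == "__main__":
    for pid, name, reason in find_suspicious(SAMPLE_PROCESSES):
        print(f"{pid:>6}  {name:<14} {reason}")
```

On the sample list the checks flag the shell under reader_sl.exe and both lsass.exe entries, while explorer.exe with its exited parent is left alone; each flagged entry is a lead to verify with dlllist, handles and the image path, not a verdict.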
Thanks and bravo
Cheers, thanks Muvi 😊
Hello sir. Show us how selks works. Thanks!
Just had a look at it, a Suricata-based IPS, right? Did you have a look at Security Onion?
I have tried taking dumps from Windows 10 versions 1803, 1809, 1903, 1909, 2004 and 1703 using DumpIt and FTK Imager. Volatility does not give a profile suggestion for any of them when I use the 'imageinfo' plugin. Do you know some workarounds?
Try this GitHub repo
github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
ua-cam.com/video/Us1gbPqtdtY/v-deo.html
I can't download anything from the volatilityfoundation site and don't know where to download DumpIt from. Any help?
Should be ok now
Do you provide any online malware forensic service? Desperately needed.
Hi what type of a service are you looking for?
symbol line sandbox analysis
Show us how to dump a .vmem file with DumpIt, please.
Hi Javed, you don't need to use DumpIt for this, just suspend the VM and look for the *.VMEM file.
This article will help you
www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/
Hi, I'm using it on a real machine and DumpIt gives me a .raw file. Can I use it with Volatility? Thanks for your reply.
Hello Sir is it possible to contact you somehow ?
Hi there, how can I help you, Martin?
@HackeXPlorer I need to create a script in volshell (Volatility) that verifies the process DOS header and dumps it; I'm having difficulties completing this task.
DumpIt does not give the file as a .vmem file.
Hi Javed, if you have problems with DumpIt do the following:
Just suspend the VM and look for the *.VMEM file.
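The comment above asks for a volshell script that verifies a process's DOS header and dumps it. As an added example (not code from the video, the commenter, or Volatility itself), the Python below does the verification part on a plain byte buffer: it checks the 'MZ' magic, reads e_lfanew at offset 0x3C, confirms that it points inside the buffer and at a 'PE\0\0' signature, and then returns the 64-byte IMAGE_DOS_HEADER for dumping. In volshell the buffer would be read from the process's image base; here a minimal PE-like header is constructed inline (an assumption so the check runs offline), and the helper names are this example's own.

```python
"""Verify a PE DOS header and carve the header bytes out of a buffer.

Added example, not code from the video or from Volatility. In volshell the
buffer would come from process memory at the image base; here build_sample_image
constructs a minimal PE-like header so the checks can run without a memory image.
"""
import struct

DOS_HEADER_SIZE = 64        # sizeof(IMAGE_DOS_HEADER)
E_LFANEW_OFFSET = 0x3C      # offset of e_lfanew inside IMAGE_DOS_HEADER
PE_SIGNATURE = b"PE\x00\x00"


def check_dos_header(buf):
    """Return (ok, detail). ok is True only when the MZ magic, e_lfanew and the
    PE signature are all consistent with a PE image starting at offset 0 of buf."""
    if len(buf) < DOS_HEADER_SIZE:
        return False, "buffer shorter than IMAGE_DOS_HEADER"
    if buf[:2] != b"MZ":
        # A wiped or overwritten header is itself worth noting during triage.
        return False, "e_magic is not 'MZ'"
    e_lfanew = struct.unpack_from("<I", buf, E_LFANEW_OFFSET)[0]
    # e_lfanew must point past the DOS header and stay inside the buffer.
    if e_lfanew < DOS_HEADER_SIZE or e_lfanew + len(PE_SIGNATURE) > len(buf):
        return False, f"e_lfanew 0x{e_lfanew:x} points outside the buffer"
    if buf[e_lfanew:e_lfanew + len(PE_SIGNATURE)] != PE_SIGNATURE:
        return False, f"no PE signature at e_lfanew 0x{e_lfanew:x}"
    return True, f"valid DOS header, NT headers at 0x{e_lfanew:x}"


def dump_dos_header(buf):
    """Return the raw 64-byte DOS header if it verifies, else None.
    Writing the returned bytes to a file is the 'dump' step."""
    ok, _ = check_dos_header(buf)
    return bytes(buf[:DOS_HEADER_SIZE]) if ok else None


def build_sample_image(e_lfanew=0x80, magic=b"MZ", signature=PE_SIGNATURE):
    """Constructed sample: a 0x100-byte buffer carrying only the fields checked above."""
    buf = bytearray(0x100)
    buf[:2] = magic
    struct.pack_into("<I", buf, E_LFANEW_OFFSET, e_lfanew)
    if e_lfanew + len(signature) <= len(buf):
        buf[e_lfanew:e_lfanew + len(signature)] = signature
    return bytes(buf)


if __name__ == "__main__":
    for label, image in [
        ("intact header", build_sample_image()),
        ("wiped MZ magic", build_sample_image(magic=b"\x00\x00")),
        ("bad e_lfanew", build_sample_image(e_lfanew=0x200)),
    ]:
        ok, detail = check_dos_header(image)
        print(f"{label:<16} ok={ok}  {detail}")
```

Once the header verifies, the same e_lfanew value is where a fuller script would continue into the NT headers (machine, number of sections, optional header) before dumping the rest of the image.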
This article will help you
www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/