How to use Volatility - Memory Analysis For Beginners.

  • Published 30 Sep 2024

COMMENTS • 55

  • @mindfocusfaith7027
    @mindfocusfaith7027 2 years ago

    Great tutorial, thank you for making this. 👍

  • @vjg8674
    @vjg8674 1 year ago

    Thank you for this very useful information. I have a question concerning the first command, pslist, that you explain: when you get the list of processes, why do you find reader_sl suspicious? What are the criteria that put you on the way? Thank you, you have one more subscriber ;-)

  • @ivartheboneless5636
    @ivartheboneless5636 3 years ago

    Hello Sir, is it possible to contact you somehow?

    • @HackeXPlorer
      @HackeXPlorer 3 years ago +1

      Hi there, how can I help you, Martin?

    • @ivartheboneless5636
      @ivartheboneless5636 3 years ago

      @HackeXPlorer I need to create a script in volshell (Volatility) that verifies the process DOS header and dumps it; I'm having difficulties completing this task.

  • @toanho2850
    @toanho2850 2 years ago

    I can not open it. Error: "The requested file doesn't exist." Please help me.

  • @tansangtruong2469
    @tansangtruong2469 3 years ago +1

    Tks, I'm beginning to use Volatility and this helps a lot, tks sir

  • @kavertx9167
    @kavertx9167 1 year ago

    I can't download anything from the volatilityfoundation site and don't know where to download DumpIt from. Any help?

  • @Cyber_Protectors
    @Cyber_Protectors 4 years ago +1

    Please make a video series named CYBER CRIME INVESTIGATION with FORENSICS: Real Case Scenarios and Techniques to Solve Cases :) Your videos are very nice, sir.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      Thank you for the valuable suggestions, I am actually trying to help analysts with real life investigations. Awesome tip 👍👍

  • @ruthawele2102
    @ruthawele2102 3 years ago +1

    love love love, please keep rolling out these videos. thank u

  • @8080VB
    @8080VB 1 year ago

    Thanks, now I have an idea what this does.

  • @Kiolesis
    @Kiolesis 1 year ago

    symbol line sandbox analysis

  • @bkthegh0st
    @bkthegh0st 1 year ago

    Great video!

  • @alebored1710
    @alebored1710 4 years ago +1

    Excellent video, you should make a Udemy course

  • @yowiee5835
    @yowiee5835 1 year ago

    Hi, I have a question. When you put in the command pstree, how do you know there is something wrong with explorer.exe and the file under it?
    Many of the tutorials that I watched didn't really explain how they detected which file is suspicious, so it confuses me.

  • @muzamaze
    @muzamaze 1 year ago

    You just got another subscriber. Thank you so much for this video which will help me immensely with my BTL certification.

  • @purplesingh5134
    @purplesingh5134 4 years ago +1

    Great overview of Volatility & the plugins

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Thank you, happy that the content helped you 👍

  • @benu_bird
    @benu_bird 3 years ago

    Thank you for this detailed valuable information. And thanks for your help. I just subscribed!

  • @rakshithyadav6894
    @rakshithyadav6894 2 years ago

    Hi,
    First of all, I congratulate you for all your efforts in making videos and helping us understand cyber security better. It helped me in my career. I have seen many of your videos, and currently I'm learning forensics and building our own environment in our organization. I have a few questions related to that; I hope you will answer them.
    I use FTK Imager to take the volatility image.
    1. In your video I can see you are getting the profile and you choose a profile to load, but in my case I took a volatility image of a Windows 10 64-bit system and I can see many profiles in that. I selected each and every profile that was listed, but none of the profiles was giving me results.
    Can you please help me on this?
    Is it that I am missing anything while collecting the memory image, or is there any other reason for that?
    Your answer will help me build my forensic environment.

  • @amitkumarrathore2151
    @amitkumarrathore2151 2 years ago

    Thanks

  • @rahuldutt2021
    @rahuldutt2021 1 year ago

    Hello sir, this video is very much useful. I need your help in preparing a standard operating procedure for live volatile memory analysis. Could you plz share the template for the same?

  • @SuperChelseaSW6
    @SuperChelseaSW6 4 years ago +1

    Hello sir. Make a demo how fmem works too.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      Sure Frank, thank you for the suggestion 👍

  • @javedanwar1122
    @javedanwar1122 4 years ago

    Dumpit does not produce a .vmem file

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Javed, if you have problems with Dumpit do the following:
      just suspend the VM and look for the *.VMEM file.
      This article will help you:
      www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/

  • @CyberMultiverse
    @CyberMultiverse 3 years ago

    Just loved your explanation. Keep up and please share more videos #DFIR

  • @bsoujanya8380
    @bsoujanya8380 3 years ago

    Do you have any idea how to do memory forensics for routers?

  • @chiter0.
    @chiter0. 2 years ago

    Excellent video. Thanks for all the info!

  • @0fzex003
    @0fzex003 1 year ago

    Still very useful these days. Thanks!

  • @megalifts6108
    @megalifts6108 4 years ago

    I have tried taking dumps from Windows 10 versions 1803, 1809, 1903, 1909, 2004 and 1703 using DumpIt and FTK Imager. Volatility does not give a profile suggestion for any of them when I use the 'imageinfo' plugin. Do you know some workarounds?

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Try this GitHub repo:
      github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
      ua-cam.com/video/Us1gbPqtdtY/v-deo.html

  • @seb1190
    @seb1190 3 years ago

    really well explained, thank you very much for this tutorial!

  • @muruga403
    @muruga403 4 years ago +1

    Thanks and bravo

  • @roryscott9872
    @roryscott9872 2 years ago

    This is really good 👍

  • @vedales8670
    @vedales8670 4 years ago

    Do you provide any online malware forensic service? Desperately needed.

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi, what type of service are you looking for?

  • @abhinavsheel4844
    @abhinavsheel4844 4 years ago

    This is a great channel that I have come across. To make a Cyber Security Analyst's life easier, do you provide any type of coaching (online)? If yes, then please do let me know. I would be happy to join you and share your knowledge. Since this is the latest video in the channel I hope you read and revert back :)

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      Hi Abhinav, thank you for the feedback. My main goal for this channel is to help cyber security analysts like us, and anyone who wishes to enter this field. I have some plans to take this forward. Will share with you all in a future video.

    • @abhinavsheel4844
      @abhinavsheel4844 4 years ago

      @HackeXPlorer I'm currently working as a Cyber Security Analyst. Your video helped me to a great extent. When can I expect a video about the coaching details?

  • @SuperChelseaSW6
    @SuperChelseaSW6 4 years ago

    Hello sir. Show us how SELKS works. Thanks!

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Just had a look at it, a Suricata-based IPS, right? Did you have a look at Security Onion?

  • @jatinmahida4660
    @jatinmahida4660 4 years ago

    Wow, great tutorial, need more videos sir.

  • @javedanwar1122
    @javedanwar1122 4 years ago

    Show us how to dump a .vmem file with Dumpit please

    • @HackeXPlorer
      @HackeXPlorer 4 years ago

      Hi Javed, you don't need to use DumpIt for this, just suspend the VM and look for the *.VMEM file.
      This article will help you:
      www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/

    • @javedanwar1122
      @javedanwar1122 4 years ago +1

      Hi, I’m using it on a real machine and DumpIt provides me a .raw file. Can I use it with Volatility? Thanks for your reply.

  • @amolbhasinge3731
    @amolbhasinge3731 4 years ago +1

    Great, and what is the name of the tool that you were using for executing commands?

    • @HackeXPlorer
      @HackeXPlorer 4 years ago +1

      CMDER - Console Emulator
      cmder.net
      Tools used and the download links are available in the description.