Posts Tagged ‘windows 10 forensics’

This article is dedicated to a somewhat unusual instrument. SpookFlare is the loader generator for the Meterpreter Reverse HTTP and HTTPS stages. It swaps a custom encrypter with the functions of obfuscating strings and compiling the code at runtime. The peculiarity of SpookFlare is to bypass all existing AV at the moment. Due to the properties, the relevance of the tool is ambitiously aimed at a long period of time.

Windows NT constantly uses the terms “user mode” and “kernel mode” when discussing the architecture of the OS, so you should determine what it means. This article is divided into separate sections. The first section will discuss the user mode, and the second section will discuss the kernel mode. In both sections, the issue of the suspension and resumption of process flows is discussed.

It is a good idea using Powershell Scripting for DFIR, system administrators and a field work. Hrushikeshk has shared a post ‘Powershell 101’ which contains on notes about how to use Powershell Scripting.

Foxton Forensics provides free and commercial tools for capturing, extracting and analyzing Internet history from the main web browsers on the desktop. They offer products that are primarily focused on the field of digital forensics and are used worldwide by law enforcement, government, military, corporate and educational organizations.