Unremovable malware with WSL

Windows Subsystem for Linux (or, as I’m incorrectly calling it, Linux Subsystem for Windows) is a Windows 10 feature that lets unmodified Linux binaries run on top of the Windows kernel. It does not ship a Linux kernel of its own: WSL is a compatibility layer that translates Linux system calls into their Windows kernel equivalents, so Linux applications and commands run in Windows without recompilation. It can be powerful in the hands of a good administrator, but it also has some drawbacks, as mentioned in this reddit post: https://www.

Defcon DFIR CTF 2019 writeup - Triage VM

This year an unofficial Defcon DFIR CTF was provided by Champlain College’s Digital Forensic Association. They created challenges in 5 topics, which are available to anyone for a little practice on this site: defcon2019.ctfd.io. The challenges are sorted into the following categories: DFA Crypto Challenge, Deadbox Forensics, Linux Forensics, Memory Forensics, and Triage VM Questions. I’m pretty new to forensics: I started my journey approximately 9 months ago and have been doing it as an active hobby for 6 months now.

USB storage forensics in Win10 #1 - Events

Information about the USB devices that have been connected to a system can be essential for many investigations and analyses. Most removable storage used nowadays is USB pen drives, so knowing how to identify and investigate these devices is crucial. The main purpose of USB drive forensic analysis is to identify the connected devices and establish some of the following facts about them: connection and removal times, files copied to or from the device, and files and software opened or executed from the attached drive.
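As an added example (my own, not code from the post above), the following PowerShell script pulls the two kinds of evidence the excerpt describes from a live Windows 10 host: the USB mass-storage devices recorded under the USBSTOR enumerator, with their first-install, last-arrival and last-removal timestamps decoded from the registry, and the Kernel-PnP configuration events that record when those devices were configured, started or deleted. It assumes an elevated PowerShell session on Windows 10; the registry paths, property GUID, property ids (0064/0066/0067) and event ids (400/410/420) are standard Windows values, and the function names are my own.

```powershell
# Added example, not from the original post: enumerate USB mass-storage devices
# known to this Windows 10 host and the PnP events that recorded them.
# Run from an elevated PowerShell prompt. If the Properties keys are not
# readable on the live system, export the SYSTEM hive and parse it offline.

# Device-install property set under Enum\<instance>\Properties; the property ids
# below hold FILETIME stamps: 0064 = first install, 0066 = last arrival,
# 0067 = last removal.
$propGuid  = '{83da6326-97a6-4088-9453-a1923f573b29}'
$timeProps = [ordered]@{ '0064' = 'FirstInstall'; '0066' = 'LastArrival'; '0067' = 'LastRemoval' }

function Get-UsbStorDevices {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
    foreach ($deviceKey in Get-ChildItem $root) {
        # Key name encodes vendor/product, e.g. Disk&Ven_Kingston&Prod_DataTraveler_3.0&Rev_PMAP
        foreach ($instanceKey in Get-ChildItem $deviceKey.PSPath) {
            # Instance key name is the reported serial number followed by "&0". When the
            # second character is "&", the device reported no serial and Windows generated it.
            $instProps = Get-ItemProperty $instanceKey.PSPath
            $row = [ordered]@{
                Device       = $deviceKey.PSChildName
                Serial       = $instanceKey.PSChildName
                HasSerial    = ($instanceKey.PSChildName[1] -ne '&')
                FriendlyName = $instProps.FriendlyName
            }
            foreach ($id in $timeProps.Keys) {
                $path  = "$($instanceKey.PSPath)\Properties\$propGuid\$id"
                $stamp = $null
                if (Test-Path $path) {
                    # The key's default value is a little-endian 64-bit FILETIME (REG_BINARY);
                    # report it in UTC so it lines up with event log timestamps.
                    $raw = (Get-ItemProperty -Path $path).'(default)'
                    if ($raw -and $raw.Length -ge 8) {
                        $stamp = [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($raw, 0))
                    }
                }
                $row[$timeProps[$id]] = $stamp
            }
            [pscustomobject]$row
        }
    }
}

function Get-UsbStorPnpEvents {
    # Kernel-PnP/Configuration events 400 (device configured), 410 (device started)
    # and 420 (device deleted) carry the device instance path in the message;
    # keep only USBSTOR devices. The log is enabled by default on Windows 10.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Kernel-PnP/Configuration'
        Id      = 400, 410, 420
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'USBSTOR\\' } |
        Select-Object TimeCreated, Id,
            @{ Name = 'Device'; Expression = { ($_.Message -split "`n")[0].Trim() } }
}

# Usage: devices with their registry timestamps, then the PnP event timeline.
Get-UsbStorDevices | Format-Table -AutoSize
Get-UsbStorPnpEvents | Sort-Object TimeCreated | Format-Table -AutoSize
```

The registry stamps answer "which devices, and when were they last plugged in or pulled", while the event log gives one line per arrival or removal, so the two sources cross-check each other; a device that appears in USBSTOR but has no matching 400/410 events indicates the log was cleared or rolled over before the investigation.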