Digital Forensics & Incident Response & Reverse Engineering
Memory images, page files, hibernation files, crash dumps are standard targets for memory forensics. But there are unusual ones: for example, chunks of disclosed (leaked) uninitialized kernel memory found on a drive.
Continue reading “Forensic analysis of disclosed uninitialized kernel memory”
An offline antivirus (AV) scanner is used to scan and clean a computer while its usual operating system isn’t running. Such scanners are often launched from a bootable USB drive or from an optical disc. Some scanners include a component to scan and modify the inactive registry of a Windows operating system.
What happens to the registry when a user performs such a scan?
My DFIR Blog 