Mutexes and malware analysis

There are many ways to investigate malware and to “find evil” in an unknown executable. There will be situations where looking at a list of running processes won’t give you the information to raise a red flag. You can always go deeper and perform more manual…

sysmon from sysinternals

Microsoft has recently released an updated version of the sysinternals tools. This update includes a tool named sysmon. You can find all the details on the TechNet website by following this link: http://technet.microsoft.com/en-us/sysinternals/dn798348.aspx In short, the tool provides detailed information about process creations, network connections, and changes…

DFIR Challenge – ISSA 2013 – My Answers

Jack Crook posted a new DFIR challenge a few days ago. Let’s have a look at the challenge and at my answers. Obviously, if you want to enjoy the challenge, don’t read this article; go to the challenge page, download what’s necessary…