SANS DFIR Webcast - Memory Forensics for Incident Response

  • Published 23 Dec 2024

Comments • 11

  • @prince10000able
    @prince10000able 7 years ago +3

    Really helpful being a newbie with Memory Forensics. Thanks for the power-packed stuff!!

    • @harlanwilder2328
      @harlanwilder2328 3 years ago

      I don't mean to be off topic, but does someone know a method to get back into an Instagram account?
      I was stupid and forgot my password. I would appreciate any assistance you can give me!

    • @judecaspian1871
      @judecaspian1871 3 years ago

      @Harlan Wilder instablaster =)

    • @harlanwilder2328
      @harlanwilder2328 3 years ago

      @Jude Caspian thanks so much for your reply. I found the site through Google and I'm waiting for the hacking stuff now.
      Takes a while, so I will get back to you later with my results.

    • @harlanwilder2328
      @harlanwilder2328 3 years ago

      @Jude Caspian It did the trick and I now have access to my account again. I am so happy :D
      Thank you so much, you really helped me out!

    • @judecaspian1871
      @judecaspian1871 3 years ago

      @Harlan Wilder happy to help =)

  • @FaRaH_xi
    @FaRaH_xi 10 months ago

    Redline 25:00
    Volatility 35:10

  • @roberts8134
    @roberts8134 8 years ago +6

    Overall good, but the presenter is wrong about one thing. A false from ldrmodules in and of itself means nothing. To test, I installed a fresh Win7 from CD, no network cable, took an image, and still got a bunch of falses from ldrmodules. Now if ldrmodules can't ID the path, then worry.

    • @ImGeoX
      @ImGeoX 6 years ago +1

      Robert S, you are correct that in this case the “false” listing is a false positive. This is because, if you notice the mapped path, this is the process executable, and that's just how it is. The process executables won't be in the InInit list. What we should be looking for here is irregular file paths, or no mapped paths at all. That would be suspicious.
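The triage rule the two comments above converge on, written out as an added example that is not part of the webcast or of Volatility itself: parse rows in the layout of Volatility 2's `ldrmodules` output and flag only the conditions the commenters name (no mapped path, an image absent from all three PEB lists, an odd path), while treating a lone InInit=False on the process executable as expected. The sample rows are constructed for illustration, not taken from a real memory image.

```python
import re
from collections import namedtuple

# Constructed sample laid out like Volatility 2's ldrmodules output
# (Pid, Process, Base, InLoad, InInit, InMem, MappedPath). Not a real capture.
SAMPLE = """\
Pid      Process              Base               InLoad InInit InMem MappedPath
-------- -------------------- ------------------ ------ ------ ----- ----------
     584 svchost.exe          0x0000000000f40000 True   False  True  \\Windows\\System32\\svchost.exe
     584 svchost.exe          0x0000000077700000 True   True   True  \\Windows\\System32\\ntdll.dll
     584 svchost.exe          0x0000000002c00000 True   True   True  \\Users\\Public\\helper.dll
     584 svchost.exe          0x0000000003100000 False  False  False \\Users\\Public\\update.dll
     584 svchost.exe          0x0000000003400000 False  False  False
"""

# One data row; MappedPath may be empty, so the last group is optional.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+"
                 r"(True|False)\s+(True|False)\s+(True|False)\s*(.*?)\s*$")
Entry = namedtuple("Entry", "pid process base in_load in_init in_mem path")

def parse_ldrmodules(text):
    """Parse data rows; the header and dashed separator never match ROW and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proc, base, load, init, mem, path = m.groups()
            entries.append(Entry(int(pid), proc, int(base, 16),
                                 load == "True", init == "True", mem == "True", path))
    return entries

def triage(entry):
    """Heuristic from the thread: a bare False is noise, the path (or its absence) is the signal."""
    if not entry.path:
        return "investigate: no mapped path"
    if not (entry.in_load or entry.in_init or entry.in_mem):
        return "investigate: mapped image absent from all PEB lists"
    basename = entry.path.rsplit("\\", 1)[-1].lower()
    if entry.in_load and entry.in_mem and not entry.in_init and basename == entry.process.lower():
        return "expected: process executable is never on the InInit list"
    if not entry.path.lower().startswith("\\windows\\"):
        return "review: image loaded from an unusual path"
    return "ok"

def triage_report(text):
    """Return (base, verdict) pairs for every parsed row."""
    return [(hex(e.base), triage(e)) for e in parse_ldrmodules(text)]

if __name__ == "__main__":
    for base, verdict in triage_report(SAMPLE):
        print(base, verdict)
```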

  • @ironman-dx5vz
    @ironman-dx5vz 8 years ago

    Can you please guide me on how to view this type of pane in Mandiant Redline? Because when I open any triage for analysis, I am not able to see it in this view. This view looks cool with all the necessary details, especially the investigative steps.

  • @salaheddinelouffidi
    @salaheddinelouffidi 3 years ago

    Very good, thank you.