Digital forensic types overview

September 30, 2023

Digital forensics stands as a critical discipline in the contemporary era, where digital interactions and activities permeate every facet of our lives. It operates as a comprehensive field dedicated to the investigation and understanding of various forms of digital activities and the recovery of digital data in a forensically sound...

Announcing the BETA release of DAMM

September 17, 2014

Announcing the BETA release of DAMM, a FOSS memory analysis platform built on top of Volatility Memory analysis is the new(-ish) big thing in the incident response, malware analysis, digital forensics space for the moment, and so all the cool kids seem to be doing it. While memory analysis is...

What We Have Been Up To: March, April, and May in Review

June 6, 2014

So much has happened and it’s time to let you know what we have been up to these last couple months. Our own Vico Marziale was recently a guest on Forensics Lunch with David Cowan not once, but three times! Forensics Lunch is a weekly webcast featuring digital forensics practitioners...

Forensics Tools – find_times.py

April 23, 2014

Recently, we had the pleasure to join David Cowen on several episodes of his weekly show Forensic Lunch.  In this particular episode on Youtube, we discussed some of our recent research on discovering previously unknown Windows registry values with embedded timestamp information.  As promised, we are releasing our script to...

504ENSICS Releases Digital Forensics Tool: SPOTLIGHT INSPECTOR

October 1, 2013

504ENSICS Labs just released Spotlight Inspector, a free application for computer forensic investigation of Mac OSX computers. Until now, there has never been an effective cross-platform forensics tool for accessing Spotlight internal data from Mac OSX systems – which is where all of the information about files indexed on a...

Automated Volatility Plugin Generation with Dalvik Inspector

May 23, 2013

Introduction In this blog post we will be demonstrating a new feature to the Dalvik Inspector tool, which we are planning on releasing this summer at Black Hat USA. Specifically we have added functionality to the Dalvik Inspector GUI for automatic Volatility plugin creation. To accomplish this, we have developed...

A Framework for Differential Analysis of Malware in RAM

April 10, 2013

Current analysis methods for images of RAM are limited in that they are designed to analyze a single memory image at a time. When attempting to analyze malware, it is a common technique to spin up a clean VM, infect it with that malware and then acquire a snapshot of...

Android Application (Dalvik) Memory Analysis & The Chuli Malware

April 1, 2013

Introduction In this blog post, we will be presenting new functionality that will be incorporated into the next major Volatility release after version 2.3. This functionality allows for deep analysis of application internals on the Android operating system. All Android applications, such as those downloaded from Google Play, are powered...

RSA Conference 2013

March 1, 2013

We’ve just gotten back from RSA Security in San Francisco. The talk went great as it seemed there were a few hundred people in the room. The jist of the presentation was that registry forensics can be useful for more than just standard forensics investigations. Co-Founder, Dr. Lodovico Marziale, went...