Michael Cohen
309 followers

Posts

Fun little weekend project!
Virtual Secure Mode and memory acquisition
velociraptor-blog.velocidex.com

Virtual Secure Mode and memory acquisition
This blog post is about my recent work to track down and fix a bug in Winpmem - the open source memory acquisition utility. You can try the latest release at the Velocidex/c-aff4 release page (Note Winpmem moved from the Rekall project into the AFF4 proj...

I just uploaded a quick screen cast demo of our latest Velociraptor release:

https://www.youtube.com/watch?v=ecP-TeUvSEY

Check out our blog for all the techie details :-).

https://velociraptor-blog.velocidex.com/

Next Velociraptor release is out, please provide feedback...
Velociraptor Artifacts
velociraptor-blog.velocidex.com

Introducing Velociraptor
velociraptor-blog.velocidex.com

ELF hacking with Rekall
Imagine you are responding to an incident on an old Linux server. You log into the server, download your favorite Linux incident response tool (e.g. Linpmem, aff4imager), and start collecting evidence. Unfortunately the first thing you see is: Argh! This sy...
blog.rekall-forensic.com

Yes it's true! I wonder how absorbent gold leaf is?

Great work!

We had a ton of fun at DFRWS 2017. It was really great to see the top researchers and practitioners in the DF/IR field meet once again in Austin, Texas.
Rekall Agent Alpha launch
rekall-forensic.blogspot.com

Rekall Agent Alpha launch
DFRWS 2017 Release - Code named Hurricane Ridge. Last week at DFRWS 2017, we were proud to launch Rekall 1.7.0RC1 with the first alpha release of the Rekall Agent. The Rekall Agent is a distributed end point monitoring solution based on the Google Cloud Pla...
rekall-forensic.blogspot.com