Forensic Analysis

Network Forensics with Wireshark and Brim: Analyzing a PCAP from an Agent Tesla infection

Simplifying Network Forensic Analysis: Exploring Wireshark PCAP Files with Brim

Wireshark is a powerful network protocol analyzer that allows network administrators and security professionals to monitor and inspect network traffic. It captures packets in real-time or reads from existing capture files, known as PCAP files, for offline analysis. However, as the complexity of network data […]


KAPE Collection: Forensic artifacts from a Qakbot infection (via Qaknote)

KAPE: Kroll Artifact Parser and Extractor

KAPE is an open source Windows-based triage program that finds and collects important forensically relevant Windows OS artifacts (system logs, Registry entries, etc.). KAPE can be run on a live Windows operating system or on a mounted Windows image (i.e. dead-box forensics). KAPE utilizes Targets and Modules to collect and
