Posts

Showing posts with the label forensic images
Volatility, Linux, Hashing, OSINT, forensic images

I had a need to examine a memory dump a while back and I used Volatility (https://www.volatilityfoundation.org/). Normally I use both versions 2.6 and 3. Depending on the memory sample and what you are looking for, you might prefer one to the other. There are many great sites out there on how to use Volatility, but I wanted to mention a very useful site, https://unminioncurioso.blogspot.com/2019/03/dfir-first-steps-with-volatility.html from Marcos (@_N4rr34n6), because it reinforces a need to understand what you are looking for, and he shared his thoughts with a number of good examples on how to get there, using grep and egrep. You cannot be a modern-day forensicator without knowledge of the basic Linux commands. Another useful tool is Bulk Extractor, which is also often overlooked: https://fwhibbit.es/en/who-is-mr-x-lets-find-out-it-with-bulkextractor-egrep-patterns-we-are-what-we-browser Another essential it...