Pieces0310

What's going on in background?

摘要： Did you know that mobile phone manufacturer collect your info without notifying you? Did you know your mobile phone may check in to manufacturer's ser 阅读全文

posted @ 2016-10-31 10:06 Pieces0310 阅读(235) 评论(0) 推荐(0) 编辑

好用的內存鏡像工具Belkasoft RAM Capture

摘要：来自俄罗斯的取证大厂Belkasoft,旗下的主力产品Belkasoft Evidence Center有不错的评价,除了BEC之外,咱们Yuri老兄也是佛心来着的,提供了一个免费内存镜像工具RamCapture给同好们享用. 它有32bit及64bit版本,无须安装,直接运行即可.但须以系统管理者阅读全文

posted @ 2016-10-22 09:40 Pieces0310 阅读(1816) 评论(0) 推荐(0) 编辑

How to acquire an Android phone with locked bootloader?

摘要： As we know that some devices come with locked bootloaders like Sony, HUAWEI, hTC...If you try to unlock bootloader, the data would disappear!!! Take h 阅读全文

posted @ 2016-10-04 22:35 Pieces0310 阅读(435) 评论(0) 推荐(0) 编辑

Electronic Payment App analysis

摘要： Electronic Payment App is getting more and more popular now. People don't have to bring credit cards any more. All they need to do is using their smar 阅读全文

posted @ 2016-10-02 10:35 Pieces0310 阅读(356) 评论(0) 推荐(0) 编辑

"System Protection" is disabled in Win10 default settings

摘要： We could find some important clue in Restore Point because "System Protection" of volume C is enabled in Windows default settings. Lots of data in "My 阅读全文

posted @ 2016-09-27 22:13 Pieces0310 阅读(706) 评论(2) 推荐(0) 编辑

Life cycle of plist in Lockdown changes dramatically in iOS 10

摘要： We could take advantage of plist to bypass Trust Relationship so as to extract data from a iDevice. Now it becomes an impossible mission in iOS 10. As 阅读全文

posted @ 2016-09-26 15:08 Pieces0310 阅读(413) 评论(2) 推荐(0) 编辑

Linux VM acquisition

摘要： The evidence is a VM as below. The flat vmdk is the real disk, and the vmdk only 1kb is just a descriptor. As you could see that there is no vmx. What 阅读全文

posted @ 2016-09-25 11:05 Pieces0310 阅读(292) 评论(0) 推荐(0) 编辑

how to monitor system logs and export to files simultaneously

摘要： What will you do when you conduct a malware analysis on a smartphone? You will focus on running processes or services, and also you'll capture memory 阅读全文

posted @ 2016-09-24 15:32 Pieces0310 阅读(316) 评论(0) 推荐(0) 编辑

Device Path in WinPrefetchView

摘要： As we know that the Prefetch file is used for optimizing the loading time of the application in the next time that you run it. So we could know whethe 阅读全文

posted @ 2016-09-11 22:40 Pieces0310 阅读(373) 评论(0) 推荐(0) 编辑

Analyze network packet files very carefully

摘要： As a professional forensic guy, you can not be too careful to anlyze the evidence. Especially when the case is about malware or hacker. Protect your w 阅读全文

posted @ 2016-09-04 11:09 Pieces0310 阅读(347) 评论(0) 推荐(0) 编辑

公告

2016年10月31日

What's going on in background?

2016年10月22日

好用的內存鏡像工具Belkasoft RAM Capture

2016年10月4日

How to acquire an Android phone with locked bootloader?

2016年10月2日

Electronic Payment App analysis

2016年9月27日

"System Protection" is disabled in Win10 default settings

2016年9月26日

Life cycle of plist in Lockdown changes dramatically in iOS 10

2016年9月25日

Linux VM acquisition

2016年9月24日

how to monitor system logs and export to files simultaneously

2016年9月11日

Device Path in WinPrefetchView

2016年9月4日

Analyze network packet files very carefully