You just got another subscriber. Thank you so much for this video which will help me immensely with my BTL certification.
love love love, please keep rolling out this videos. thank u
still very useful this days. Thanks!
Tks, I'm begining using Volatility and this helps a lot, tks sir
Great overview of Volatility & the plugins
Thank you, happy that the content helped you 👍
Thank you for those very useful pieces of information. I have a question concerning the first command, pslist, you explain: when you get the list of processes, why do you find reader_sl suspicious? What are the criteria that put you on the way? Thank you, you have one more subscriber ;-)
Hi,
First of all, I congratulate you for all your efforts in making videos and helping us understand cyber security better. It helped me in my career. I have seen many of your videos and currently I'm learning forensics and building our own environment in our organization. I have a few questions related to that; I hope you will answer them.
I use FTK Imager to take the volatility image.
1. In your video I can see you are getting the profile and you choose a profile to load, but in my case I took a volatility image of a Windows 10 64-bit system and I can see many profiles. I selected each and every profile which was listed, but none of the profiles was giving me results.
Can you please help me on this:
is it that I am missing anything while collecting the memory image, or is there any other reason for that?
Your answer will help me build my forensic environment.
Thanks, now I have an idea what this does .
Thank you for this detailed valuable information. And thanks for your help. I just subscribed!
Excellent video. Thanks for all the info!
Just loved your explanation. Keep up and please share more videos #DFIR
really well explained, thank you very much for this tutorial!
Great video!
Please make a video series named CYBER CRIME INVESTIGATION with FORENSICS: Real Case Scenarios and Techniques to Solve Cases :) Your videos are very nice, sir.
Thank you for the valuable suggestion, I am actually trying to help analysts with real-life investigations. Awesome tip 👍👍
Great tutorial, thank you for making this. 👍
My pleasure!
Wow, great tutorial, need more videos sir.
Thank you Jatin 👍
This is really good 👍
Hi, I have a question. When you put in the command pstree, how do you know there is something wrong with explorer.exe and the file under it?
Many of the tutorials that I watched didn't really explain how they detected which file is suspicious, so it confuses me.
Hello sir, this video is very much useful. I need your help in preparing a standard operating procedure for live volatile memory analysis. Could you please share the template for the same.
Great, and what is the name of the tool that you were using for executing commands?
CMDER - Console Emulator
cmder.net
Tools used and the download links are available in the description.
This is a great channel that I have come across. To make a Cyber Security Analyst's life easier, do you provide any type of coaching (online)? If yes then please do let me know. I would be happy to join you and share your knowledge. Since this is the latest video in the channel I hope you read and revert back :)
Hi Abhinav, thank you for the feedback. My main goal for this channel is to help cyber security analysts like us, and anyone who wishes to enter this field. I have some plans to take this forward. Will share with you all in a future video.
@HackeXPlorer I'm currently working as a Cyber Security Analyst. Your video helped me to a great extent. When can I expect a video about the coaching details?
Thanks
Thanks and bravo
Cheers, thanks Muvi 😊
I can't download anything from the volatilityfoundation site and don't know where to download DumpIt from. Any help?
Should be ok now
I have tried taking dumps from Windows 10 versions 1803, 1809, 1903, 1909, 2004 and 1703 using DumpIt and FTK Imager. Volatility does not give a profile suggestion for any of them when I use the 'imageinfo' plugin. Do you know some workarounds?
Try this GitHub repo
github.com/volatilityfoundation/volatility/wiki/2.6-Win-Profiles
ruclips.net/video/Us1gbPqtdtY/видео.html
Do you have any idea how to do memory forensics for routers?
Excellent video you should make a Udemy course
Thank you for the suggestion.
I cannot open it. Error: The requested file doesn't exist. Please help me.
Do you provide any online malware forensic service? Desperately needed.
Hi what type of a service are you looking for?
Hello sir. Make a demo of how fmem works too.
Sure Frank, thank you for the suggestion 👍
Hello sir. Show us how SELKS works. Thanks!
Just had a look at it, a Suricata-based IPS, right? Did you have a look at Security Onion?
Hello Sir is it possible to contact you somehow ?
Hi there, how can I help you, Martin?
@HackeXPlorer I need to create a script in volshell (Volatility) that verifies the process DOS header and dumps it; I'm having difficulties completing this task.
Show us how to dump a .vmem file with DumpIt please
Hi Javed, you don't need to use DumpIt for this, just suspend the VM and look for the *.VMEM file.
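The DOS header check the commenter above is asking about, as an added Python example that is not the channel's or Volatility's own code: it validates the MZ/PE headers in a buffer taken from a process image base (assumed already read through the process address space, e.g. with zread in volshell) and only writes the dump when they are intact; the header bytes are constructed inline so it runs offline.

```python
import os, struct, tempfile

# Assumption: the buffer was already read at the PEB ImageBaseAddress through the
# process address space (e.g. proc_as.zread(base, size) in volshell) and is passed in.
DOS_MAGIC = b"MZ"            # _IMAGE_DOS_HEADER.e_magic
PE_SIGNATURE = b"PE\0\0"     # _IMAGE_NT_HEADERS.Signature
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}  # _IMAGE_OPTIONAL_HEADER.Magic

def verify_pe_headers(image):
    """Check DOS/NT headers; a paged-out or wiped header fails with a reason."""
    if len(image) < 64:
        return {"ok": False, "reason": "shorter than _IMAGE_DOS_HEADER"}
    if image[:2] != DOS_MAGIC:
        return {"ok": False, "reason": "e_magic is not MZ (header paged out or wiped)"}
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 26 > len(image):
        return {"ok": False, "reason": "e_lfanew 0x%x points outside the image" % e_lfanew}
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return {"ok": False, "reason": "NT signature is not PE\\0\\0"}
    machine, nsections = struct.unpack_from("<HH", image, e_lfanew + 4)
    opt_magic = struct.unpack_from("<H", image, e_lfanew + 24)[0]
    if opt_magic not in OPTIONAL_MAGIC:
        return {"ok": False, "reason": "unknown optional header magic 0x%x" % opt_magic}
    return {"ok": True, "e_lfanew": e_lfanew, "machine": machine,
            "sections": nsections, "format": OPTIONAL_MAGIC[opt_magic]}

def dump_if_valid(pid, image, out_dir):
    """Write executable.<pid>.exe (procdump-style name) only when the headers check out."""
    if not verify_pe_headers(image)["ok"]:
        return None
    path = os.path.join(out_dir, "executable.%d.exe" % pid)
    with open(path, "wb") as fh:
        fh.write(image)
    return path

def build_sample_image(wiped=False):
    """Constructed 90-byte x64 header: MZ, e_lfanew=0x40, PE\\0\\0, PE32+ magic."""
    dos = bytearray(64)
    dos[:2] = DOS_MAGIC
    struct.pack_into("<I", dos, 0x3C, 0x40)
    file_hdr = struct.pack("<HH", 0x8664, 3) + b"\0" * 16   # AMD64, 3 sections
    image = bytes(dos) + PE_SIGNATURE + file_hdr + struct.pack("<H", 0x20B)
    return b"\0" * 64 + image[64:] if wiped else image     # wiped: DOS header zeroed

def demo():
    out_dir = tempfile.mkdtemp()
    path = dump_if_valid(1234, build_sample_image(), out_dir)
    skipped = dump_if_valid(1235, build_sample_image(wiped=True), out_dir)
    return os.path.getsize(path), skipped is None   # intact one dumped, wiped one skipped
```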
This article will help you
www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/
Hi, I'm using it on a real machine and DumpIt provides me a .raw file. Can I use it with Volatility? Thanks for your reply
symbol line sandbox analysis
DumpIt does not give the file in .vmem format
Hi Javed, if you have problems with DumpIt do the following:
just suspend the VM and look for the *.VMEM file
This article will help you
www.andreafortuna.org/2019/04/03/how-to-analyze-a-vmware-memory-image-with-volatility/