DFIR
Digital forensics, incident response, and memory analysis notes.
Volatility - Hunting in Memory Lab 2
Advanced Volatility lab focused on detecting Linux rootkits (Diamorphine and Reptile) using kernel module analysis, syscall table verification, and inline hook detection.
DFIR Lab - REvil/Sodinokibi Ransomware Incident Response
Digital forensics and incident response lab investigating a REvil/Sodinokibi ransomware attack, covering initial access, privilege escalation, lateral movement, credential theft, and encryption using Splunk log analysis and malware analysis techniques.
Volatility Memory Analysis: Hunting .NET Malware
Memory forensics exercise using Volatility to hunt for .NET malware, hidden processes, injected code, suspicious drivers, and Meterpreter/Mimikatz/Emotet indicators in a Windows 10 memory dump.