:: hiddenillusion :: ... look beyond

Go Prefetch Yourself

Overview

If you’re reading this then I’m sure you’re aware of what Prefetch on a Windows system is so I won’t bore you with a recap. Instead, I’d rather touch upon a different view of Prefetch and how I’ve leveraged it in non-traditional ways during my forensicating. Occasionally I’ve come...

Rewriting/Anonymizing Artifacts

Situation

Have you ever had the need to anonymize or rewrite some data in an artifact for a blog post, paper, presentation, interview etc.? What were the artifacts, what were the requirements and how did you go about tackling the situation at hand? I’ve had to do this a few...

Bruteforcing XOR with YARA

Background

In a previous post I looked at coming up with a process for determining XOR keys that were 256 bytes. I’ve received and have read some great feedback/posts regarding the tool and even though I wrote it in such a way to try and still possibly see patterns/repetitive bytes...

AnalyzePDF - Bringing the Dirt Up to the Surface

What is that thing they call a PDF?

The Portable Document Format (PDF) is an old format … it was created by Adobe back in 1993 as an open standard but wasn’t officially released as an open standard (ISO 32000-1) until 2008 - right @nullandnull? I can’t take credit for...

OMFW & OSDFC recap

General Notes

I attended both the Open Memory Forensics Workshop (OMFW) and the Open Source Digital Forensics Conference (OSDFC) for the first time last year and just like I said last year - they’re both set as recurring events on my calendar now. I was told that my tweets and...