Shlomi Boutnaru, Ph.D. — The Windows Process Journey — “certutil.exe” (Digital Certificate Utility) (2h ago)
“certutil.exe” (Digital Certificate Utility) is a binary PE file located at “%windir%\system32\certutil.exe”. On 64-bit versions of…

Shlomi Boutnaru, Ph.D. — The Windows Process Journey — “cofire.exe” (Corrupted File Recovery Client) (23h ago)
“cofire.exe” (Corrupted File Recovery Client) is a PE binary located in “%windir%\System32\cofire.exe”. On 64-bit versions of Windows…

Shlomi Boutnaru, Ph.D. — The Linux Concept Journey — Uninterruptible Process (2d ago)
In the Linux realm we have two types of waiting processes: “interruptible processes” and “uninterruptible processes”. In general this type…

Shlomi Boutnaru, Ph.D. — The Linux Concept Journey — “/proc/kcore” (Kernel ELF Core Dumper) (3d ago)
Basically, “/proc/kcore” is a file which is part of the “/proc” pseudo file-system which is used for process information\system…

Shlomi Boutnaru, Ph.D. — The Windows Security Journey — PEL (Protected Event Logging) (4d ago)
“Protected Event Logging” is a new security feature added in Windows 10. Its goal is to use encryption in order to protect sensitive data…

Shlomi Boutnaru, Ph.D. — The Windows Forensic Journey — Windows Timeline (5d ago)
The “Windows Timeline” feature was introduced as part of Windows 10 (version 1803). By using these features a user can check out current…

Shlomi Boutnaru, Ph.D. — The Linux Concept Journey — Pipe File (aka Named Pipe/FIFO) (5d ago)
As we know the philosophy of Linux is that “Everything is a file”. However, not all files are created equally…

Shlomi Boutnaru, Ph.D. — The Linux Concept Journey — Regular File (Jul 17)
As we know the philosophy of Linux is that “Everything is a file”. However, not all files are created equally. As you know there are seven…

Shlomi Boutnaru, Ph.D. — The Windows Forensic Journey — Windows Recall’s Artifacts (Jul 15)
In general, we can use “Windows Recall” to retrace things that they have done on a specific Windows system. Those points in time are shown…