Shlomi Boutnaru, Ph.D. | The Linux Concept Journey — “/proc/kcore” (Kernel ELF Core Dumper) | 3h ago
Basically, “/proc/kcore” is a file which is part of the “/proc” pseudo file-system, which is used for process information\system…

Shlomi Boutnaru, Ph.D. | The Windows Security Journey — PEL (Protected Event Logging) | 1d ago
“Protected Event Logging” is a new security feature added in Windows 10. Its goal is to use encryption in order to protect sensitive data…

Shlomi Boutnaru, Ph.D. | The Windows Forensic Journey — Windows Timeline | 2d ago
The “Windows Timeline” feature was introduced as part of Windows 10 (version 1803). By using this feature a user can check out current…

Shlomi Boutnaru, Ph.D. | The Linux Concept Journey — Pipe File (aka Named Pipe/FIFO) | 2d ago
As we know, the philosophy of Linux is that “Everything is a file”. However, not all files are created equally…

Shlomi Boutnaru, Ph.D. | The Linux Concept Journey — Regular File | 4d ago
As we know, the philosophy of Linux is that “Everything is a file”. However, not all files are created equally. As you know, there are seven…

Shlomi Boutnaru, Ph.D. | The Windows Forensic Journey — Windows Recall’s Artifacts | 6d ago
In general, we can use “Windows Recall” to retrace things that a user has done on a specific Windows system. Those points in time are shown…

Shlomi Boutnaru, Ph.D. | The Windows Process Journey — “WerFault.exe” (Windows Problem Reporting) | Jul 13
“WerFault.exe” is a PE binary located at “%windir%\system32\WerFault.exe”. On 64-bit systems there is also a 32-bit version of the binary…

Shlomi Boutnaru, Ph.D. | The Windows Concept Journey — “Windows Search” | Jul 11
“Windows Search” is an operating system service (https://medium.com/@boutnaru/windows-services-part-2-7e2bdab5bce4) — as shown in the…

Shlomi Boutnaru, Ph.D. | The Windows Forensic Journey — MUICache (Multilingual User Interface Cache) | Jul 11
MUI (Multilingual User Interface) is a technology that is used for enabling multilingual user experiences without the need of…