Category Archives: Forensics

Windows Memory Forensics

Let’s begin with an image: Yep. That’s an icon. In an executable. In a process address space. In a raw memory dump. And here is the video demonstration: This is just a proof-of-concept. We still haven’t decided whether to develop …

Posted in Demo, Forensics, Profiler

Torrent Support

Following our recent introduction to Scan Providers, here’s a first implementation example. In this post we’ll see how to add support for Torrent files in Profiler. Of course, the implementation shown in this post will be available in the upcoming …

Posted in Forensics, Profiler

Raw File System Analysis (FAT32 File Recovery)

This post isn’t about upcoming features, it’s about things you can already do with Profiler. What we’ll see is how to import structures used for file system analysis from C/C++ sources, use them to analyze raw hex data, create a …

Posted in Forensics, Headers, Hooks, Layouts, Logic Providers, Profiler, Python

SQLite3 support and inspection of free pages

The upcoming 1.0.0 version of the Profiler introduces support for SQLite3 databases. You’ll see that even viewing large tables is pleasantly fast. The SQL table control is available to the Python SDK as well: it can either be created via …

Posted in Forensics, Profiler, SQLite3