Category: Digital Forensics & Incident Response

Building a Cuckoo Sandbox

Posted on By A.McHugh 1 Comment on Building a Cuckoo Sandbox

Sometimes there is a need to analyse files in a live environment where their composition and provenance may not be entirely certain. For the most part we can try to reply on virus detection and heuristics to detect potentially malicious files, but what about those files which have not yet been identified, or have been specifically crafted for your organisation as a targeted attack?

Note: I have updated this article to reflect the current installation requirements for Cuckoo on Ubuntu 18.04 (as at 22nd Feb 2021).

Read More “Building a Cuckoo Sandbox” »

Build, Digital Forensics & Incident Response

Extracting RAM from VirtualBox session

Posted on By A.McHugh No Comments on Extracting RAM from VirtualBox session

Over the last few months I have been playing with Cuckoo, and reworking its function to suit my own requirements. Part of this has involved the separation of components within Cuckoo into functional units. This particular component relates to extracting the RAM from a VirtualBox machine for analysis after ceasing the VM. For this to…

Read More “Extracting RAM from VirtualBox session” »

Digital Forensics & Incident Response, Operate