Converting a memory image from raw to padded
Convert a Linux memory image from a raw (where the System RAM ranges have been concatenated together) to a padded image, provided the early boot messages were present in the kernel ring buffer at the time of imaging. Includes Python code to convert an image automatically. Update 2016-06-29: The code on Github has been updated… leer más
Recovering BitLocker Keys on Windows 8.1 and 10
A brief touch on how the changes to BitLocker after Windows 7 affect master key recovery and where to look when recovering keys. This article is not intended to be an in-depth look at the inner workings of BitLocker, but is instead focussed on retrieval of the Full Volume Encryption Key (FVEK) from memory. Key… leer más