Blog

Some Use Cases and Discussion
WindowsSCOPE Cyber Forensics 3.2 Now Available

A new version of WindowsSCOPE Cyber Forensics is now available. WindowsSCOPE version 3.2 now includes support for the latest versions of Windows operating systems through Windows 10. Also included with version 3.2 is WindowsSCOPE’s data…

Automated Rootkit Detection with ThreatSCOPE

This article will show how you can use the ThreatSCOPE feature of WindowsSCOPE to detect rootkits installed on a system. One of the difficulties in detecting rootkits and other advanced malware is that they’re often…

WindowsSCOPE Cyber Forensics Ultimate 64-Bit Now Available

The latest addition to the WindowsSCOPE product lineup, Cyber Forensics Ultimate, is now available at the online store. This new version incorporates all the interactive features of previous versions, including system-wide disassembly and control flow…

New WindowsSCOPE Product – CaptureGUARD Gateway

WindowsSCOPE now offers PCI Express and ExpressCard platforms capable of imaging physical memory and providing other cyber security related capabilities even in locked computers. CaptureGUARD Gateway can be customized for various advanced cyber security and…

Bypassing Windows Login Passwords with CaptureGUARD Gateway for Forensic Acquisition

Live memory acquisition is becoming increasingly important for digital investigations. One of the biggest obstacles with memory acquisition, however, is that in many cases a computer under investigation is locked, requiring a password that is…

New WindowsSCOPE Memory Forensics Training Videos Available

Two new tutorial videos are now publicly available on the WindowsSCOPE website – “Using WindowsSCOPE to Investigate 64-Bit Virtual Memory Management” and “Using WindowsSCOPE to Analyze the Shadow Walker Rootkit”. With 64-bit computers becoming increasingly…

Reverse Engineering the Vanquish Rootkit – Part 2

If you followed our prior post on the Vanquish rootkit, you might remember how we identified anomalies in a system that led us to finding a Vanquish rootkit infection. You can go back to Part…

Reverse Engineering the Vanquish Rootkit – Part 1

The first warning sign that we noticed in this snapshot was in the process for cmd.exe (this is for a Windows command line window). See below for a screenshot of the contents of this process:

Introduction to Windows Kernel: Review IDT, SSDT and other Structures

You can access the video here.

Introduction to WindowsSCOPE Live

Step 1 – Setting up your WindowsSCOPE Live Server: The first step in getting WindowsSCOPE Live running is to download and install the WindowsSCOPE Live server. You can get the server on the WindowsSCOPE downloads…
