Forensic Analysis Basics

29. 10. 2025 Updated: 24. 03. 2026 1 min read intermediate

Forensic analysis determines what happened, how it happened, and who is behind it. The key is preserving evidence integrity.

Chain of custody

  1. Document the finding (time, location, who)
  2. Hash evidence before analysis (SHA-256)
  3. Work on a copy, never on the original
  4. Record every step
  5. Store evidence securely
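The five steps above, carried out for a single evidence file, as an added example (this script is not part of the original article). It assumes a POSIX shell with `sha256sum`, `cp` and `cut` available, and that the case directory is the secure store from step 5; every action is appended to `custody.log` so the record can be reviewed later.

```shell
#!/bin/sh
# Added example, not code from the original article. Minimal chain-of-custody
# wrapper: documents the finding, hashes the original before anything else,
# produces a working copy, verifies the copy and logs each step.
# Assumed layout (constructed): <case_dir>/custody.log, <name>.sha256, <name>.copy

now() { date -u +%Y-%m-%dT%H:%M:%SZ; }

# acquire_evidence <original_file> <case_dir> <examiner>
# Returns 0 when the working copy's SHA-256 matches the original, 1 otherwise.
acquire_evidence() {
    orig="$1"; case_dir="$2"; examiner="$3"
    name=$(basename "$orig")
    mkdir -p "$case_dir"
    log="$case_dir/custody.log"

    # Step 1: document the finding (time, location, who)
    printf '%s | FOUND   | %s | host=%s | by=%s\n' \
        "$(now)" "$orig" "$(uname -n)" "$examiner" >> "$log"

    # Step 2: hash the evidence before any analysis touches it
    orig_hash=$(sha256sum "$orig" | cut -d' ' -f1)
    echo "$orig_hash  $name" > "$case_dir/$name.sha256"
    printf '%s | HASHED  | sha256=%s\n' "$(now)" "$orig_hash" >> "$log"

    # Step 3: work on a copy, never on the original
    cp "$orig" "$case_dir/$name.copy"
    copy_hash=$(sha256sum "$case_dir/$name.copy" | cut -d' ' -f1)
    printf '%s | COPIED  | %s -> %s.copy\n' "$(now)" "$orig" "$name" >> "$log"

    # Step 4: record the verification result (step 5: case_dir is the secure store)
    if [ "$orig_hash" = "$copy_hash" ]; then
        printf '%s | VERIFY  | OK copy hash matches original\n' "$(now)" >> "$log"
        return 0
    fi
    printf '%s | VERIFY  | FAIL copy hash mismatch\n' "$(now)" >> "$log"
    return 1
}

# verify_evidence <case_dir> <name>
# Re-checks the working copy against the stored hash, e.g. before each session.
verify_evidence() {
    case_dir="$1"; name="$2"
    expected=$(cut -d' ' -f1 "$case_dir/$name.sha256")
    actual=$(sha256sum "$case_dir/$name.copy" | cut -d' ' -f1)
    [ "$expected" = "$actual" ]
}
```

Run `verify_evidence` at the start of every analysis session; a mismatch means the copy is no longer admissible and a fresh copy must be taken from the original.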

Key Tools

Disk image

dd if=/dev/sda of=disk.img bs=4M status=progress
sha256sum disk.img > disk.img.sha256

Memory dump

sudo avml memory.dmp

Volatility — memory analysis

vol3 -f memory.dmp windows.pslist
vol3 -f memory.dmp windows.netscan

Log analysis

grep -r "Failed password" /var/log/auth.log | sort | uniq -c | sort -rn
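The grep pipeline above counts identical lines; in practice the useful aggregation is per source address, and the follow-up question is whether any source that failed repeatedly later succeeded. The following is an added example (not from the original article) that does both over constructed sshd log lines in the syslog format OpenSSH writes on Debian-style systems; it only assumes POSIX `awk` and `sort`.

```shell
#!/bin/sh
# Added example, not code from the original article.
# The log lines below are constructed samples, not a real capture.
SAMPLE_AUTH_LOG='Oct 29 10:01:02 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Oct 29 10:01:05 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51024 ssh2
Oct 29 10:01:09 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Oct 29 10:02:11 web01 sshd[2110]: Accepted publickey for deploy from 198.51.100.5 port 40112 ssh2
Oct 29 10:03:40 web01 sshd[2120]: Failed password for bob from 192.0.2.44 port 33000 ssh2
Oct 29 10:03:55 web01 sshd[2125]: Accepted password for root from 203.0.113.7 port 51044 ssh2'

# failed_by_source: reads auth log lines on stdin, prints "<count> <ip>" for
# every source address with "Failed password" events, most frequent first.
failed_by_source() {
    awk '/Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# success_after_failures [threshold]: prints source addresses that accumulated
# at least <threshold> failures (default 3) and then logged an "Accepted"
# login. That sequence is the one to pull into the timeline first.
success_after_failures() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        { ip = ""; for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1) }
        ip != "" && /Failed password/ { fails[ip]++ }
        ip != "" && /Accepted / { if (fails[ip] >= t) print ip }'
}

# Stand-alone run over the constructed sample:
#   printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_source
#   printf '%s\n' "$SAMPLE_AUTH_LOG" | success_after_failures 3
```

Feed the real file with `failed_by_source < /var/log/auth.log`; on systems using journald, `journalctl -u ssh --no-pager | failed_by_source` gives the same result because the message format is unchanged.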

Linux forensics

Timeline

find / -newer /tmp/reference_time -print 2>/dev/null

Persistence

crontab -l
ls -la /etc/cron.d/
systemctl list-unit-files --state=enabled

Network

ss -tulpn
iptables -L -n

Key Takeaway

Hash evidence, work on a copy, document everything. Volatility for memory, dd for disks.

CORE SYSTEMS team