Network Services Pentesting
Basic Forensic Methodology
Support HackTricks and get benefits!

Creating and Mounting an Image

Malware Analysis

This isn't necessary the first step to perform once you have the image. But you can use this malware analysis techniques independently if you have a file, a file-system image, memory image, pcap... so it's good to keep these actions in mind:

Inspecting an Image

if you are given a forensic image of a device you can start analyzing the partitions, file-system used and recovering potentially interesting files (even deleted ones). Learn how in:
Depending on the used OSs and even platform different interesting artifacts should be searched:

Deep inspection of specific file-types and Software

If you have very suspicious file, then depending on the file-type and software that created it several tricks may be useful. Read the following page to learn some interesting tricks:
I want to do a special mention to the page:

Memory Dump Inspection

Pcap Inspection

Anti-Forensic Techniques

Keep in mind the possible use of anti-forensic techniques:

Threat Hunting

Support HackTricks and get benefits!