Digital Forensic with Mosarof

Digital Forensic with Mosarof

Share

Photos from Digital Forensic with Mosarof's post 17/12/2025

🔍 āφāĻĒāύāĻžāϰ āĻ•āĻŽā§āĻĒāĻŋāωāϟāĻžāϰ āĻ•āĻŋ āĻšā§āϝāĻžāĻ•āĻžāϰ āĻĻā§āĻŦāĻžāϰāĻž āφāĻ•ā§āϰāĻžāĻ¨ā§āϤ? Hidden Script āĻŦāĻž Malware āφāϛ⧇ āĻ•āĻŋ āύāĻžâ€”Digital Forensics āĻĻāĻŋā§Ÿā§‡ āϏ⧂āĻ•ā§āĻˇā§āĻŽāĻ­āĻžāĻŦ⧇ āϝāĻžāϚāĻžāχ

āĻ…āύ⧇āĻ• āϏāĻŽā§Ÿ āφāĻŽāϰāĻž āĻŸā§‡āϰ āĻĒāĻžāĻ‡â€”āĻ•āĻŽā§āĻĒāĻŋāωāϟāĻžāϰ āĻšāĻ āĻžā§Ž slow, PowerShell āύāĻŋāĻœā§‡ āύāĻŋāĻœā§‡ āϚāĻžāϞ⧁ āĻšā§Ÿ, āχāĻ¨ā§āϟāĻžāϰāύ⧇āϟ āĻĄā§‡āϟāĻž āĻ…āĻ¸ā§āĻŦāĻžāĻ­āĻžāĻŦāĻŋāĻ•āĻ­āĻžāĻŦ⧇ āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻšā§ŸāĨ¤
āύāĻŋāĻœā§‡ āĻ•āĻŋāϛ⧁ āύāĻž āĻ•āϰāϞ⧇āĻ“ āĻŽāύ⧇ āĻšā§Ÿ āĻĒ⧇āĻ›āύ⧇ āĻ•āĻŋāϛ⧁ āϚāϞāϛ⧇āĨ¤ āĻāχ āĻ…āĻŦāĻ¸ā§āĻĨāĻžā§Ÿ āφāĻ¨ā§āĻĻāĻžāϜ āĻ¨ā§Ÿâ€”Digital Forensics āĻĻāĻŋā§Ÿā§‡ evidence āĻĻ⧇āϖ⧇ āϏāĻŋāĻĻā§āϧāĻžāĻ¨ā§āϤ āύāĻŋāϤ⧇ āĻšā§ŸāĨ¤

āύāĻŋāĻšā§‡ āĻāĻ•āϟāĻŋ āĻŦāĻžāĻ¸ā§āϤāĻŦāϧāĻ°ā§āĻŽā§€ forensic investigation flow āĻĻ⧇āĻ“ā§ŸāĻž āĻšāϞ⧋, āϝ⧇āĻ–āĻžāύ⧇ āĻĒā§āϰāϤāĻŋāϟāĻž āϧāĻžāĻĒ⧇ āϕ⧋āύ āĻ•āĻžāĻœā§‡āϰ āϜāĻ¨ā§āϝ āϕ⧋āύ tool āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻšā§ŸāĨ¤

🔹 Running Process āĻ“ Hidden Script Check
āĻ•āĻžāϜ: āĻŦāĻ°ā§āϤāĻŽāĻžāύ⧇ āϕ⧋āύ process āϚāϞāϛ⧇, āϕ⧋āύ⧋ hidden script āĻŦāĻž malware active āφāϛ⧇ āĻ•āĻŋ āύāĻž āϝāĻžāϚāĻžāχ āĻ•āϰāĻžāĨ¤
Tools:
â€ĸ Process Explorer (Sysinternals)
→ āϕ⧋āύ process āϕ⧋āĻĨāĻž āĻĨ⧇āϕ⧇ āϚāĻžāϞ⧁ āĻšā§Ÿā§‡āϛ⧇
→ parent–child relationship
→ PowerShell / CMD silently run āĻšāĻšā§āϛ⧇ āĻ•āĻŋ āύāĻž
â€ĸ Process Hacker
→ detailed process behavior
→ suspicious memory usage
📌 āĻāĻ–āĻžāύ⧇ āĻŦā§‹āĻāĻž āϝāĻžā§Ÿ āϕ⧋āύ⧋ āĻ…āϜāĻžāύāĻž executable āĻŦāĻž script background-āĻ āϚāϞāϛ⧇ āĻ•āĻŋ āύāĻžāĨ¤

🔹 PowerShell Activity Investigation
āĻ•āĻžāϜ: PowerShell āĻĻāĻŋā§Ÿā§‡ āϕ⧋āύ⧋ script āĻŦāĻž command execute āĻšā§Ÿā§‡āϛ⧇ āĻ•āĻŋ āύāĻž āĻŦ⧇āϰ āĻ•āϰāĻžāĨ¤
Tools:
â€ĸ Windows Event Viewer
→ PowerShell Operational Logs
→ Event ID 4104 (script block logging)
â€ĸ PowerShell Console History
→ recent commands review
📌 āĻāĻ–āĻžāύ āĻĨ⧇āϕ⧇ āϜāĻžāύāĻž āϝāĻžā§Ÿ PowerShell āĻ•āĻ–āύ, āϕ⧀ command āĻĻāĻŋā§Ÿā§‡ āϚāĻžāϞ⧁ āĻšā§Ÿā§‡āĻ›ā§‡â€”user āύāĻž scriptāĨ¤

🔹 USB Pendrive / External Device Trace
āĻ•āĻžāϜ: āϕ⧋āύ⧋ unauthorized USB device āĻŦā§āϝāĻŦāĻšāĻžāϰ āĻšā§Ÿā§‡āϛ⧇ āĻ•āĻŋ āύāĻž āĻļāύāĻžāĻ•ā§āϤ āĻ•āϰāĻžāĨ¤
Tools:
â€ĸ USBDeview (NirSoft)
→ āϕ⧋āύ USB device connect āĻšā§Ÿā§‡āĻ›āĻŋāϞ
→ first use & last use time
→ device serial number
â€ĸ Registry Analysis (SYSTEM hive)
→ historical USB traces
📌 USB-based malware āĻŦāĻž data copy-āĻāϰ evidence āĻāĻ–āĻžāύ⧇āχ āϧāϰāĻž āĻĒā§œā§‡āĨ¤

🔹 Network Activity & External Connection Check
āĻ•āĻžāϜ: āĻ•āĻŽā§āĻĒāĻŋāωāϟāĻžāϰ āĻŦāĻžāχāϰ⧇ āϕ⧋āĻĨāĻžāĻ“ suspicious communication āĻ•āϰāϛ⧇ āĻ•āĻŋ āύāĻž āϝāĻžāϚāĻžāχ āĻ•āϰāĻžāĨ¤
Tools:
â€ĸ TCPView (Sysinternals)
→ āϕ⧋āύ application āϕ⧋āύ IP-āϤ⧇ connect āĻ•āϰāϛ⧇
â€ĸ Wireshark
→ packet capture
→ suspicious traffic analysis
â€ĸ Netstat (built in)
→ active connections
📌 Unknown IP āĻŦāĻž foreign server-āĻ āύāĻŋ⧟āĻŽāĻŋāϤ connection āĻŦ⧜ red flagāĨ¤

🔹 Persistence & Auto Start Mechanism Check
āĻ•āĻžāϜ: reboot-āĻāϰ āĻĒāϰ malware āφāĻŦāĻžāϰ āϚāĻžāϞ⧁ āĻšāĻšā§āϛ⧇ āĻ•āĻŋ āύāĻž āĻĻ⧇āĻ–āĻžāĨ¤
Tools:
â€ĸ Autoruns (Sysinternals)
→ startup program
→ scheduled task
→ service & registry auto run
â€ĸ Task Scheduler
→ hidden or suspicious tasks
📌 Malware āϏāĻžāϧāĻžāϰāĻŖāϤ āĻāĻ–āĻžāύ⧇āχ āϞ⧁āĻ•āĻŋā§Ÿā§‡ āĻĨāĻžāϕ⧇āĨ¤

🔹 Timeline Creation & Evidence Correlation
āĻ•āĻžāϜ: āϏāĻŦ evidence āĻāĻ•āϏāĻžāĻĨ⧇ āĻŽāĻŋāϞāĻŋā§Ÿā§‡ āĻĒ⧁āϰ⧋ āϘāϟāύāĻžāϰ āϏāĻŽā§ŸāĻ•ā§āϰāĻŽ āϤ⧈āϰāĻŋ āĻ•āϰāĻžāĨ¤
Tools:
â€ĸ Plaso (log2timeline)
→ multi source timeline
â€ĸ Manual Timeline (Excel / Notes)
→ beginner-friendly approach
📌 Example:
â€ĸ 11:02 – USB connected
â€ĸ 11:05 – Unknown exe created
â€ĸ 11:06 – PowerShell executed
â€ĸ 11:07 – External IP connection
āĻāϟāĻžāχ forensic proofāĨ¤

âš ī¸ āϗ⧁āϰ⧁āĻ¤ā§āĻŦāĻĒā§‚āĻ°ā§āĻŖ Digital Forensic Rule
â€ĸ ❌ āϏāϰāĻžāϏāϰāĻŋ delete / format āύ⧟
â€ĸ ✅ āφāϗ⧇ evidence collect → analyze → decision
â€ĸ Forensics āĻŽāĻžāύ⧇ fix āύ⧟, first understand

đŸŽ¯ āϕ⧇āύ āĻāχ āĻ¸ā§āĻ•āĻŋāϞ āĻĻāϰāĻ•āĻžāϰ?
āĻāχ investigation skill āĻĨāĻžāĻ•āϞ⧇ āφāĻĒāύāĻŋ āĻŦ⧁āĻāϤ⧇ āĻĒāĻžāϰāĻŦ⧇āύ:
â€ĸ āφāĻĒāύāĻžāϰ āĻ•āĻŽā§āĻĒāĻŋāωāϟāĻžāϰ compromise āĻšā§Ÿā§‡āϛ⧇ āĻ•āĻŋ āύāĻž
â€ĸ āϕ⧋āύ⧋ illegal āĻŦāĻž hidden activity āϚāϞāϛ⧇ āĻ•āĻŋ āύāĻž
â€ĸ attacker āϕ⧀āĻ­āĻžāĻŦ⧇ āĻĸ⧁āϕ⧇āϛ⧇ āĻāĻŦāĻ‚ āϕ⧀ āĻ•āϰ⧇āϛ⧇

āĻŦāĻžāĻ‚āϞāĻžāĻĻ⧇āĻļ⧇ āĻāχ āϧāϰāύ⧇āϰ Digital Forensics skill āĻāĻ–āύ⧋ āϖ⧁āĻŦ āĻ•āĻŽ, āĻ•āĻŋāĻ¨ā§āϤ⧁ āĻāϰ demand āĻĻā§āϰ⧁āϤ āĻŦāĻžā§œāϛ⧇āĨ¤
– Digital Forensics with Mosarof 🔍

Want your school to be the top-listed School/college in Dhaka?
Click here to claim your Sponsored Listing.

Category

Address

RK Mission Road, Motijheel
Dhaka
1000