
Sibertor Forensics


Rekall

Building a New Profile in Rekall 1.5.3+

By Alissa Torres on January 17, 2017

Today I created a new profile for one of my Windows 10 memory images. Because the currently posted instructions found here cover older versions of Rekall, I am sharing the step-by-step for Rekall 1.5.3 using the new syntax.

Step 1. Identify the kernel version with version_scan.

Step 2. Download the specific kernel symbols to the target directory with fetch_pdb.

Step 3. Create the .json profile from the downloaded kernel symbols with parse_pdb.

Step 4. Use the newly added profile against the target memory image.
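The four steps above chained into one script, added here as an example and not taken from the original post or from the Rekall project. It assumes `rekal` is on the PATH, that version_scan prints one row per RSDS record containing the PDB file name and the 32-hex-digit GUID followed by its age, that fetch_pdb accepts --pdb_filename/--guid/--dump_dir, that parse_pdb accepts --pdb_filename/--output_filename, and that --profile accepts the path of a local .json file; the image path and the sample scan row are placeholders.

```shell
#!/bin/sh
# Added example: build a Rekall kernel profile from a memory image in four steps.
# Flag names and the version_scan row layout are assumptions about Rekall 1.5.3.
set -eu

IMAGE="${1:-win10.raw}"          # memory image (placeholder path)
OUTDIR="${2:-./profiles}"        # where the .pdb and .json land
KERNEL_PDB="ntkrnlmp.pdb"        # 64-bit Windows kernel symbol file

# Pull "GUID+age" from the first version_scan row that names the kernel PDB.
# Returns an empty string when no such row exists (assumed row format).
extract_guid() {
    printf '%s\n' "$1" | grep -iF "$KERNEL_PDB" | head -n 1 \
        | grep -o '[0-9A-Fa-f]\{32\}[0-9]\{1,\}' | head -n 1
}

# Profile file name derived from the PDB name (ntkrnlmp.pdb -> ntkrnlmp.json).
profile_name() {
    printf '%s\n' "${1%.pdb}.json"
}

build_profile() {
    mkdir -p "$OUTDIR"
    # Step 1: identify the kernel build by its PDB GUID.
    scan="$(rekal -f "$IMAGE" version_scan)"
    guid="$(extract_guid "$scan")"
    [ -n "$guid" ] || { echo "no $KERNEL_PDB RSDS record found" >&2; return 1; }
    # Step 2: fetch the symbols for exactly that GUID into OUTDIR.
    rekal fetch_pdb --pdb_filename "$KERNEL_PDB" --guid "$guid" --dump_dir "$OUTDIR"
    # Step 3: convert the PDB into a Rekall JSON profile.
    json="$OUTDIR/$(profile_name "$KERNEL_PDB")"
    rekal parse_pdb --pdb_filename "$OUTDIR/$KERNEL_PDB" --output_filename "$json"
    [ -s "$json" ] || { echo "profile $json was not written" >&2; return 1; }
    # Step 4: use the new profile against the image.
    rekal -f "$IMAGE" --profile "$json" pslist
}

# Run the pipeline only when an image path was given on the command line.
if [ "$#" -ge 1 ]; then
    build_profile
fi
```

Run it as `sh build_profile.sh win10.raw ./profiles`; the GUID check stops the script before any download if the image holds no kernel RSDS record.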
