As I stated in the post about Synology in VirtualBox, I wondered about forensic analysis of Synology NAS, especially about memory acquisition. As a part of preparation phase, I had to figure out how to create a Synology VM, because I did not have access to real Synology HW. Then I found the way how to create a memory dump in DSM 6.1.7 (from May 2018), but I wanted to verify my approach also in real HW with up-to-date version of DSM.

I wondered about forensic analysis of Synology NAS, especially how to create a memory dump, but unfortunately, I was not able to find any useful howtos. I had to try it myself, but as a 1st step I needed a running instance of Synology DSM (DiskStation Manager, the web-based OS running on Synology NAS). Because I do not have any real HW Synology NAS, I decided to try it as a Virtual Machine.

Some people asked me what tools can be useful for Incident Response and for the CSIRT/CERT teams, so I decided to prepare list of such tools and seize the opportunity of the Open Source Weekend in Košice, Slovakia on 19th October. The motivation behind this list is help to enthusiasts and new teams to prepare and/or strengthen technical equipment needed for incident response with minimal costs. On the other hand, the participation of clever and engaged people is always required for similar tasks in cybersecurity, and use of Open Source and Free(ware) tools can have some caveats with need of more tinkering or adjustments.