Week 04 – 2022

Appalachian4n6: AirTags within iOS File Systems; Belkasoft: Where did this chat come from? The ‘Origin path’ concept in Belkasoft X; Blake’s R&D: Machine Learning and ETW; Cado Security: Technical Indicators of Ukrainian Website Defacements; James Lovato at CrowdStrike: Mind the MPLog: Leveraging Microsoft Protection Logging for Forensic Investigations; Krzysztof Gajewski at CyberDefNerd: Can Windows Update fool you during the investigation?; Digital […]

Week 03 – 2022

Bart Butler at ProtonMail: A breakdown of a DKIM replay attack; James Merritt at CCL Solutions: Relativity Processing vs. Nuix Workstation; Roman Ferdigg at Certitude: Ransomware Actor May Have Leaked Their Previous Victims; Craig Ball at ‘Ball in your Court’: Electronic Evidence Workbook 2022; Paul Pratley and Mark Goudie at CrowdStrike: CrowdStrike Services Offers Incident Response Tracker for the DFIR […]

Week 02 – 2022

David Cowen at the ‘Hacking Exposed Computer Forensics’ blog: Daily Blog #703: Looking back at AWS EBS Direct Block access API; ThinkDFIR: I can see and hear you seeing and hearing me!; Alex Caithness at CCL Solutions: Android ABX – Binary XML; Cheeky4n6Monkey and Michael Lacombe: Mike & the Monkey Dumpster Dive Into Samsung Gallery3d App Trash; Doug Metz […]

Week 01 – 2022

DFIR Review: Validation of X-Ways Forensics Evidence File Containers; Kibaffo33: At the roundabout, take the second exit…; Daniela Elmi: Best of Digital Forensics Cheatsheet Security Logs; Dr. Neal Krawetz at ‘The Hacker Factor Blog’: Sharing Research; Elcomsoft: Breaking BestCrypt Volume Encryption 5 / Digital Evidence in Encrypted Backups; Forensafe: Investigating Task Scheduler / Investigating Remote Desktop Connection MRU; Hal Pomeranz […]

2021 Wrap Up

And that’s a wrap for 2021! Was it better than 2020? Maybe a little? Down in Sydney we spent a bit longer in lock-down here – 3-4 months I think it was this time around, but otherwise life was “COVID normal”. I can empathise with those that were hit hardest by this all, and thankfully […]

Week 52 – 2021

Alexis Brignoni at ‘Initialization Vectors’: Android Tor Browser Thumbnails. What?; Adam at Hexacorn: Mapping Chrome extension IDs to their names / Putting .inf files and NSRL database to a better use; AhnLab: Case of Ransomware Infection in a Company Using Local Administrator Accounts Set with Same Password; Blake’s R&D: Monitoring File mods through ETW and Velociraptor; Matt Muir at […]

Week 51 – 2021

Brandon Lee at 4sysops: Recover deleted emails in Microsoft 365; Ahmed Musaad: Google Workspace Security Investigation Tool; Belkasoft: iCloud acquisition and analysis with Belkasoft X; Doug Metz at Baker Street Forensics: Adding RAM collections to KAPE Triage / CSIRT-Collect USB; Dr. Neal Krawetz at ‘The Hacker Factor Blog’: Apple and Fraud; Elcomsoft: More on checkm8 and USB Hubs, Upcoming iPhone […]

Week 50 – 2021

Starting off by mentioning a fantastic initiative by Chris Sanders. Contributing to Rural Tech Fund and a foodbank of your choosing will help people and you may just win a significant prize in return. Win My Golden Ticket! Sal Aziz at Magnet Forensics: Anatomy of a Business Email Compromise Investigation; Andrea Garavaglia: Orochi meets YARA; Chris Sanders: A Cognitive […]

This Month In 4n6 – November – 2021

A monthly wrap-up of the DFIR news for November 2021. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes will be found here. Special […]

Week 49 – 2021

Joshua I. James at DFIRScience: iPhone forensics with Linux command line and bplister; Forensafe: Investigating Windows 10 Maps / Investigating Computer Name; Forensic-Research: Digital Forensic Challenge 2020 [104]; Jaron Bradley at The Mitten Mac: What does APT Activity Look Like on MacOS?; Kyle Song: Blog #32: Building a Forensic Environment with WSL & Chocolatey part 2. [EN] / Blog #32: […]