Week 48 – 2020

Alexander JägerGarmin .Fit file Forensics Andrea Fortuna at ‘So Long, and Thanks for All the Fish’iOS Forensic: full disk acquisition using checkra1n jailbreak Heather Mahalik at CellebriteKeyword Searching in Cellebrite BlackLight Content Search Cheeky4n6MonkeyiOS14 Maps History BLOB Script Giuseppe Scalzi at Compass SecurityThe “Volatility Triage App” for Splunk Danny Henderson JrSANS Community CTF November — Network Challenge […]

Week 47 – 2020

Chris at AskCleesSQLite Databases at hex level Craig Ball at ‘Ball in your Court’The Metadata Vanishes DFIR Review How Android Bluetooth Connections Can Determine if a Driver had Their Hands on the Wheel During an Accident Can Google Takeout Location Data Be Trusted? How to Use iOS Bluetooth Connections to Solve Crimes Faster Can You […]

Week 46 – 2020

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Linux Forensics: Memory Capture and Analysis Heather Mahalik at CellebriteHow To Use Cellebrite Physical Analyzer’s New Cloud Feature Dany at DigitellaWireshark for Network Forensics! Deepak KumarDigital Forensics Corner 1 Elcomsoft iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System Extraction Elcomsoft and […]

Week 45 – 2020

Heather Mahalik at CellebriteHow To Isolate And Filter Volume Shadow Copies In Cellebrite Blacklight Chris HoganDigital Forensic Efficiencies and Effectiveness with AWS and Open Source Elcomsoft Breaking Intuit Quicken and QuickBooks Passwords in 2021 Protecting iMessage Communications Forensic Focus Research Roundup: Communicating Uncertainty In Digital Forensics Results Automated Control Logic Forensics In Industrial Control Systems […]

This Month In 4n6 – October – 2020

A monthly wrap-up of the DFIR news for October 2020. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes can be found here. Special […]

Week 44 – 2020

Our first (non-beta) run of the FOR308 class is running this week with Jason Jordaan at DFIRCON, very exciting!Why did you developed the SANS FOR308:Digital Forensics Essentials course? Brett Shavers at DFIR TrainingArsenal’s Bypass Data Protection API (DPAPI) Cellebrite How to Use Cellebrite Physical Analyzer’s New Image Classification Feature Stopping criminal activity in prisons with […]

Week 43 – 2020

Share the Mic In Cyber is on again, check it out on Twitter! Arsenal ReconRevisiting Accessing Protected Content using Windows Domain Controllers and Workstations Ben Eichorst at AWS SecurityHow to automate incident response in the AWS Cloud for EC2 instances CCL GroupIndexedDB on Chromium Cellebrite Join The First Cellebrite Capture the Flag (CTF) Event Accessing […]

Week 42 – 2020

Jason Jordaan, one of my FOR308 coauthors, has shared his thoughts about our class. You can take the class with Jason at DFIRCON in November! Why should you take the FOR308: Digital Forensics Essentials? We answer this question and more. Building a House on Sand – Why Foundational Knowledge and Skills in Digital Forensics are […]

Week 41 – 2020

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’How to extract sysdiagnose logs for forensic purposes on iOS Basis TechnologyIntro to DFIR: The Divide and Conquer Process (3 hours) Joshua James at Digital Forensic ScienceHex editors and data structures Elcomsoft Apple Mobile Devices Cheat Sheet Mobile Forensics: Are You Ready for iOS 14? […]

Week 40 – 2020

Abhiram KumarIntro to Linux memory forensics Cellebrite 5 Things To Look For When Investigating Cryptocurrency Crimes Cellebrite Physical Analyzer’s New Consolidated Messages Approach Chris Vance at ‘D20 Forensics’iOS – Tracking Bundle IDs for Containers, Shared Containers, and Plugins Craig Ball at ‘Ball in your Court’The Case for Native, I Swear Joshua James at Digital Forensic […]