Week 22 – 2017

Voting has closed for the 4Cast award, thanks for the votes! I’ll be attending the DFIR Summit where the awards are given out this year. Hopefully, the next time I post about this it will be a picture of the prize!



  • Chris Pogue at Nuix applies the “Left Of Bang” methodology created by US Secretary of Defense Mattis to cybersecurity. Left of Breach in this instance would be threat intelligence and proactive hunting, whilst the right would be the DFIR space. “Cybersecurity professionals need to understand the tactics and techniques of their adversaries as well so that they too can learn to predict the movements of their adversary”. “You need to understand what attacks look like, how your adversary is going to engage them, and how to stop them—staying Left of Breach.”
    Learn to Understand and Stay ‘Left of Breach’






  • “Apache Tika 1.15 has been released! This release includes integration with Google’s Tensorflow Object Recognition via the OpenCV API, a new ‘tika-eval’ module, configurable encoding detectors and several new parsers.”
    Apache Tika 1.15

  • Both Autopsy and The Sleuth Kit have been updated this week.

  • GetData released Forensic Explorer v3.9.8.6522 adding a “Child Endangerment Filename search script” and fixing a couple of bugs.
    31 May 2017 – v3.9.8.6522

  • “A new version of MISP 2.4.74 has been released including new features, improvements and bug fixes.”
    MISP 2.4.74 released

  • Microsystemation released a microrelease for XRY, now at version 7.3.2. The release improves support for various apps and operating systems.
    Released today: XRY v7.3.2

  • Passmark Software have released V5.0.1000 of OSForensics including a variety of bug fixes and new features; including a plist viewer, a $UsnJrnl viewer, and much more.
    V5.0.1000 – 1st of June 2017

  • Passmark have also released beta version of Volatility Workbench, a Windows GUI for Volatility.
    Volatility Workbench Beta Release

  • Sumuri released a v1.02 of Recon Imager, adding “the ability to perform verification hash of a forensic image”. I played around with the update last week and it seems to work pretty well for taking an image although I couldn’t find a way to check the date/time on the system (probably user error).
    RECON IMAGER Version 1.02 Now Released – Details Inside

  • SalvationData updated their SmartPhone Forensic System (SPF) to v3.54.7.0 to add additional features, and  fix some bugs, and their Data Recovery System (DRS) to v17.7.3.263, adding a variety of new features.


And that’s all for Week 22! If you think I’ve missed something, or want me to cover something specifically hit me up through the contact page or on the social pipes!




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s