This Month In 4n6 – January – 2018

A monthly wrap-up of the DFIR news for January 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. If you get a little bit of value from the show, then I appreciate those that decide to give a little back. Alternatively, it would be great if […]

Week 4 – 2018

For anyone in Sydney, I’ve started a Google Group for those in DFIR to meet up every so often and have a drink. If you want to join just submit a request, it’s open to all.

FORENSIC ANALYSIS

Hideaki Ihara at the Port 139 blog looks at the relationship between $INDEX_ALLOCATION (0xA0) and the Virtual […]

Week 3 – 2018

FORENSIC ANALYSIS

Hideaki Ihara at the Port 139 blog takes a look at the $BITMAP attribute of a folder.
Folderと$BITMAP (0xB0)

Dan Pullega at 4n6k looks into an unknown entry in the debugfs stat output on Linux ext4.
Forensics Quickie: Methodology for Identifying Linux ext4 Timestamp Values in debugfs `stat` Command

Digital Forensics Corp shared […]

Week 2 – 2018

FORENSIC ANALYSIS

Hideaki Ihara at the Port 139 blog took a look at the Win10 Thumbnail index database, thumbcache_idx.db.
Win10 と Thumbnail Index

Brian Maloney stumbled across a Windows event log, Microsoft-Windows-MBAM/Operational, that tracks RemovableDriveMounted and RemovableDriveDismounted (event ID 39 and 40).
Check out @bmmaloney97’s Tweet

There were a few posts on the Cyber Forensicator […]

Week 1 – 2018

Happy New Year! It was a bit hectic last week posting a few times on New Year’s Eve; in case you missed it, I posted my monthly podcast episode, as well as a wrap up for the year.

FORENSIC ANALYSIS

Hideaki Ihara at the Port 139 blog posted a couple of times this week The […]