A monthly wrap-up of the DFIR news for February 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. If you get a little bit of value from the show, then I appreciate those that decide to give a little back. Alternatively, it would be great if […]
I’ve been told I need to promote the Patreon link. It’s here if you’re interested 🙂 FORENSIC ANALYSIS Kasasagi at ‘Apprentice forensic ‘s note’ has identified the ‘bam’ key in the Windows registry that stores the full path of an executable and the last execution time. It is indicated that this is only written […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog utilises Teru Yamazaki’s USN parsing utility to identify deleted files and folders in the journal USN Analytics と Folder Arsenal Consulting has shared a couple of articles (one was from last week and I missed it, sorry!) They have put together an infographic on the Windows […]
FORENSIC ANALYSIS There were a few posts by Cyber Forensicator this week They shared a link to Florian Roth’s APT simulator APT Simulator They shared a thesis by Thomas Schreck titled “IT Security Incident Response: Current State, Emerging Problems, and New Approaches” IT Security Incident Response: Current State, Emerging Problems, and New Approaches They shared […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog shows the affects some file actions have on an NTFS MFT record’s Fixup value and update sequence. Fixup と Update Sequence Number Adam Harrison at 1234n6 walks through the process of rebuilding a hardware RAID in Encase 7/8. As a side note, Adam wrote this post […]
This Week In 4n6 