This Month In 4n6 – March – 2018

A monthly wrap-up of the DFIR news for March 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. If you get a little bit of value from the show, then I appreciate those that decide to give a little back. Alternatively, it would be great if […]

Week 13 – 2018

Last chance to nominate this site for the 2018 Forensic 4Cast Awards. If you have already, it’s very much appreciated. FORENSIC ANALYSIS Oleg Skulkin and Igor Mikhaylov at Cyber Forensicator tested how various actions affect the 8 timestamps on an NTFS volume on a Win10 host. This test shows that there are minor differences compared to […]

Week 12 – 2018

If you like my work and would like to nominate me for a 4Cast Award for Blog of the year that would be greatly appreciated. Nominations close at the end of this month. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at “the Shell item structure of the LNK file.” […]

Week 11 – 2018

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at the ‘Access Bits’ in a Windows 10 registry hive. RegistryとAccess bits Sebastian Neef at 0day Work shares his findings from pulling apart the .DS_Store file format. Parsing the .DS_Store file format Marco Fontani at Amped Software shows “what Griffeye Analyze DI Pro […]

Week 10 – 2018

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog shows how to repair a dirty registry hive manually so that it can be examined by Log2timeline. Registry Transaction LogとPlaso Scar at Forensic Focus has posted an article on using Oxygen to examine drone onboard/SD card and Cloud data. Oxygen Drone Forensics Alexis Brignoni at ‘Initialization […]

Week 9 – 2018

Just a reminder that the nominations for the Forensic 4Cast awards are still open and if you haven’t already, head over here to submit your nominations. If you’d like to nominate this blog it would be very much appreciated 🙂 FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog continues to look at the Bam […]