A monthly wrap-up of the DFIR news for May 2018.

Sorry in advance for the audio quality, turns out recording on my laptop without a dedicated mic, on a cruise ship, results in bad audio.

Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. Alternatively, it would be great if you could leave an iTunes review.

If you are a Patreon donor, unfortunately, I’m locked out of my account due to 2FA and not being able to receive the 2FA message for another couple of weeks. As a result, I’m going to post the notes at the bottom of this post.

Special thanks to my friend Jeff (Animatic on Soundcloud) for letting me use one of his tracks.

Thanks for listening!

*Apologies for the name pronunciations, ums and ahs, and general production quality 🙂

 

---

1. 00:50 – https://berla.co/ive-software-v20/
2. 00:50 – https://berla.co/ive-mobile-v20/
3. 01:10 – http://www.x-ways.net/winhex/forum/messages/1/5028.html?1525097545
4. 01:10 – https://blogs.opentext.com/7-things-forensic-investigators-need-to-do/
5. 01:35 – https://www.paragon-software.com/home/apfs-windows/
6. 01:45 – https://media.cellebrite.com/wp-content/uploads/2018/05/UFED7.5andAD7.0_ReleaseNotes.pdf
7. 02:22 – https://www.msab.com/2018/05/03/released-today-xry-kiosk-tablet-7-7-1/
8. 02:39 – https://www.blackbagtech.com/blog/2018/05/01/graykey-images-blacklight-mobilyze/
9. 02:49 – https://bitofhex.com/2018/04/29/volatility-and-tor/
10. 02:49 – https://bitofhex.com/2018/05/10/memory-forensics-tor-part-two/
11. 03:25 – https://salt4n6.com/2018/05/15/a-few-interesting-ios-forensic-artefacts/
12. 04:00 – https://df-stream.com/2018/05/partition-diagnostic-event-log-and-usb-device-tracking-p1/
13. 04:50 – http://www.swiftforensics.com/2018/05/bash-sessions-in-macos.html
14. 05:30 – https://salt4n6.wordpress.com/2018/05/05/windows-10-timeline-forensic-artefacts/
15. 05:30 – https://cclgroupltd.com/windows-10-timeline-forensic-artefacts/
16. 05:40 – http://port139.hatenablog.com/entry/2018/05/19/070956
17. 06:00 – https://binaryforay.blogspot.com/2018/05/introducing-wxtcmd.html
18. 06:15 –  https://www.magnetforensics.com/blog/magnet-axiom-2-1-builds-on-the-advances-of-axiom-2-0/
19. 06:40 –  https://blog.elcomsoft.com/2018/05/ios-11-4-to-disable-usb-port-after-7-days-what-it-means-for-mobile-forensics/
20. 07:40 – https://twitter.com/sandersonforens/status/995332993114755072?s=19
21. 07:50 –  https://abrignoni.blogspot.com/2018/05/book-review-sqlite-forensics-by-paul.html
22. 08:01 – https://twitter.com/chadtilbury/status/990982108872134658?s=09
23. 08:01 – https://twitter.com/robtlee/status/994220281035141120?s=09
24. 08:01 – https://twitter.com/sansforensics/status/993845578701426688?s=09
25. 08:30 – https://www.youtube.com/watch?v=vpSIw-zGhhE
26. 08:45 – http://blog.atola.com/atola-taskforce-launch/
27. 08:57 – https://www.forensicfocus.com/News/article/sid=3177/
28. 09:10 – https://twitter.com/blschatz/status/997988509980835841
29. 09:28 – https://www.youtube.com/watch?v=FBKAWUkV-lk
30. 10:31 –  https://www.dfir.training/dfir-training-categories-k2/item/139-unlocking-the-dfir-door-aka-getting-a-job-in-dfir
31. 11:25 –  https://volatility-labs.blogspot.com/2018/05/the-6th-annual-volatility-plugin.html

12:35 – https://twitter.com/AlexisBrignoni/status/990439241128775680