FORENSIC ANALYSIS Adam Harrison at 1234n6 answers Dave’s latest Sunday Funday challenge on identifying historical timezone configuration changes. Adam’s submission also won Methods to identify historical Time Zone configuration associated with a Windows PC Matt at Bit of Hex shares a short Python script “which will brute-force binary data looking for valid dates and times” […]

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looked into NTFS $REPARSE_POINTs and symbolic links, and by doing so was able to identify a bug in MFTECmd. NTFS $REPARSE_POINT and Symbolic link NTFS $REPARSE_POINT and Symbolic link(2) Dan Pullega at 4n6k describes how he investigated a previously unknown GUID identified in Shellbags. Dan also […]

FORENSIC ANALYSIS Adam Harrison at 1234n6 shares his answer to the recent Sunday Funday challenge regarding o365 logging. Adam’s solution also won him the challenge Investigating Office365 Account Compromise without the Activities API Brian Gerdon at Arsenal Recon walks through his process for cracking the password of a Windows XP domain account. An Adventure in […]

I’ve decided to formalise the support page for the project, which can now be accessed from the top menu. I figured that it would be a good idea to put it all in the one place. I’m still holding out from the advertising model, although I think that’s more of a personal preference more than […]