A monthly wrap-up of the DFIR news for October 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. Alternatively, it would be great if you could leave an iTunes review. If you are a Patreon donor the show notes can be found here. Special thanks to […]
Links only this week. Sorry! I assure you I have a good excuse 🙂 FORENSIC ANALYSIS Dave Cowen Daily Blog #513: solution Saturday 10/20/18 Daily Blog #514: Sunday Funday 10/21/18 Daily Blog #515: Asking for your input regarding future testing Daily Blog #516: Forensic Lunch Test Kitchen 10/23/18 Daily Blog #517: Forensic Lunch Test Kitchen […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at file system tunnelling on the C drive File System Tunneling and C:\ Adam Harrison at 1234n6 has written a post on Windows execution artefacts across a variety of desktop and server versions of Windows, and subsequently also (is going to be the winning, yes […]
Early post this week, just in case I didn’t have time to finish it tomorrow. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at the effects of file system tunnelling on the USN journal File System Tunneling and E:\ Faisal AM Qureshi at ‘Deriving Cyber Threat Intelligence and Threat Hunting’ demonstrates how […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog explores whether he can “find timestamp changes using [the] USN Journal” Timestamp and USN_REASON_BASIC_INFO_CHANGE ADF have a post describing how to acquire memory using an ADF collection key RAM Dump Forensics Justin Boncaldo takes a look at the database that stores apps installed with the Windows […]
A monthly wrap-up of the DFIR news for September 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. Alternatively, it would be great if you could leave an iTunes review. If you are a Patreon donor the show notes can be found here. Special thanks to […]
This Week In 4n6 