Week 26 – 2021

Alex Caithness at CCLChromium Session Storage and Local Storage BelkasoftBelkasoft CTF June 2021: Write-up CrowdStrikeResponse When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators DFIR ReviewUpgrade From NULL—Detecting iOS Wipe Artifacts Forensafe Investigating User Accounts Investigating Zoom Joshua Hickman at ‘The Binary Hick’Apple’s Find My & iCloud’s Throne of Lies Kevin Pagano at Stark […]

Week 25 – 2021

Amber Schroader at Paraben CorporationTikTok Smartphone Evidence Marco Fontani at AmpedHow Can I View and Show the Date and Time of a CCTV Video File? AmrChapter 7 – Registry Analysis Chris Vance at ‘D20 Forensics’ iOS – Tracking Device Migration Android – Tracking Device Migration Oleg Afonin at Elcomsoft Analyzing Microsoft Timeline, OneDrive and Personal […]

Week 24 – 2021

Paul Masek at 4sysopsUsing the Convert-EventLogRecord function alongside the Get-WinEvent PowerShell cmdlet to search Windows event logs AcelabThe PC-3000 Mobile: the Support of Per-File Encryption for the F2FS File System Korstiaan Stam at Cloud ResponseCyberDefenders – Series (Malware Traffic Analysis 3 – Packet Analysis) Patrick Bennett at CrowdStrikeUAL Thank Us Later: Leveraging User Access Logging […]

Week 23 – 2021

Marco Fontani at AmpedHow Can I Find Which Are CCTV Video Files on a USB Drive? Andrea Fortuna at ‘So Long, and Thanks for All the Fish’dfir_ntfs: a forensic parser for NTFS filesystems DS4N6[NEWS]  DAISY documentation updated, including Demo version precooked content and RAM configurations Elcomsoft Password Crackers’ Gold Mine: Browser Passwords Breaking VeraCrypt: Obtaining […]

This Month In 4n6 – May – 2021

A monthly wrap-up of the DFIR news for May 2021. Thank you to those Patreon donors for the last month. This project takes a lot of time, so it’s very much appreciated that people see enough value in it to contribute back 🙂 If you are a Patreon donor the show notes will be found here. Special […]