Ali HadiAnit-Forensics Brian Carrier at Cyber TriageAnalyzing KAPE DFIR Artifacts in Cyber Triage Dany at DigitellaCyberDefenders HoneyBOT Challenge Write-up Derek EiriRetrieving Registry Values to Decrypt Files Protected with DDPE Dr. Neal Krawetz at ‘The Hacker Factor Blog’An Itty Midi Mystery Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part […]

Adam at HexacornExcelling at Excel, Part 3 Emi Polito at AmpedMeasuring in a Scene: What Filters to Use in Amped FIVE? Cado SecurityCase Study: Responding to an Attack in AWS Craig Ball at ‘Ball in your Court’Not So Fine Principle Nine Dany at DigitellaCyberDefenders PCAP Or It Didn’t Happen Challenge Write Up Domiziana FotiLetsDefend-SOC163 — Suspicious Certutil.exe […]

AbdulRhman Alfaifi at U0041Exploring Windows Artifacts : $Security Artifact Catie WalshSysInternals Case Write Up Dany at DigitellaUsing Powershell To Enumerate Information on Windows Defender and Firewalls Digital Forensics MyanmarBitLocker Decryption Methods Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part One (Timelines) Oleg Afonin at ElcomsoftiOS 15.5 Low-Level Keychain […]

Andrew Rathbun at AboutDFIR New Windows 11 Pro (22H2) Evidence of Execution Artifact! DFIR FYI: Security:4624 has been updated in Windows 11 Pro (22H2) Abdul ShareefDFIR-Resources Adam at HexacornExcelling at Excel, Part 1 Austin Songer at ‘Songer Tech’Evidence Gathering Recommendation: Adding TimeStamp To Screenshots BelkasoftNIST tested Belkasoft support for SQLite data recovery James McGee at […]

Welcome to 2023! I wrote a 2022 Wrap Up! Oleg Afonin at Elcomsoftcheckm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 18 – Decryption 2022 APFS Advent Challenge Day 20 – Snapshot Metadata 2022 APFS Advent Challenge Day 21 – Fusion Containers 2022 APFS Advent Challenge […]