So I can’t count and started the year on Week 1 instead of Week 0. This is the last summary post of the year, and hopefully I find a bit of time to write a year summary later on. Ahmed BelhadjadjiPoisonedCredentials Challenge Walkthrough Oleg Afonin at ElcomsoftA Comprehensive Instruction Manual on Installing the Extraction Agent […]

(Turns out the first post of the year should have been week 0 instead of week 1….whoops….week 52 is 1 week early this year) Amged WagehDriveFS Sleuth — Investigating Google Drive File Stream’s Disk Artifacts David Spreadborough at AmpedCorrect the Aspect Ratio of CCTV Footage Oleg Afonin at ElcomsoftiOS 17.3 Developer Preview: Stolen Device Protection ForensafeSolving Cellebrite’s […]

Cado SecurityUsing the Unix-like Artifacts Collector and Cado Community Edition to Investigate a Compromised Linux System Brian P. MohrDemystifying Log Collection in Azure: Navigating Windows and Linux Server Logging for Microsoft Sentinel Emi Polito at AmpedMeasure Speed from Surveillance Video Felix Guyard at ForensicXlab📦 Volatility3 : Import Address Table ForensafeInvestigating Android Snapchat App Max Groot […]

Abrar HussainSmall Things Matter in DFIR#1: Persistence without Privileges! BelkasoftHow to Efficiently Triage Digital Evidence with Belkasoft T CCL SolutionsWhat makes epoch timestamps tick? CellebriteThe Pitfalls of Relying on iTunes Backups for Investigations Fabio Poloni at Compass SecurityExposing the Scammers: Unmasking the Elaborate Job Offering Scam Digital DanielaInvestigating Traffic With Splunk! Emi Polito at AmpedSeparate […]

Emi Polito at AmpedIncrease Exposure of Dark Footage Cyber TriageEDRs don’t collect all DFIR artifacts, but they can help you do it Derek EiriIn Search of Extraction Techniques for Pair-Locked iOS Devices Oleg Afonin at Elcomsoft iOS Forensic Toolkit: Exploring the Linux Edition Forensic Insights into Apple Watch Data Extraction ForensafeInvestigating Android Viber Ian Whiffin […]