Nominations for the 4Cast Awards have opened again! Get your nominations in early!Lee has done a fantastic job for over a decade getting this together and his work is very much appreciated.Please make sure you nominate everyone who had an impact on you throughout 2020 to show your appreciation for them!2021 Forensic 4:cast Awards – […]

Also I’ll be delivering a SANS @Mic talk this Wednesday, 17 February at 1PM AEDT (2AM UTC, sorry!). The talk is aimed at people new to the field, talking about how to get started learning about digital forensics by testing and experimenting. You can register here Andrea Fortuna at ‘So Long, and Thanks for All […]

ThinkDFIRMetaspike CTF – Week 5 – “Spot the DFIRence” Abhiram’s Blog Mr EvilPepo [series] – TrollCAT CTF 2021 S3cr3t – TrollCAT CTF 2021 Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Windows registry Transaction Logs in forensic analysis Brian MaloneyYour AV is Trying to Tell You Something: rawlog.log DFIR Review Extracting and Decrypting […]

Jessica Hyde at Magnet ForensicsAndroid Motion Photos in Magnet AXIOM Doug Metz at Baker Street ForensicsForensic Imaging a Microsoft Surface Pro Brian MaloneyYour AV is Trying to Tell You Something: tralog.log Matt Goeckel at CellebriteHow to Use The Project Tree and Analyzed Data in Cellebrite Physical Analyzer to Find Data Fast Chris Vance at ‘D20 […]

Jordan Drysdale at Black Hills Information SecurityA Sysmon Event ID Breakdown Brian MaloneyYour AV is Trying to Tell You Something: Log Lines Deagler’s 4n6 BlogAn Android Casting (Device) Story: “cast.db” Kovar & Associates UAV THREATS TO THE OIL AND GAS INDUSTRY PART 1: THE THREAT IS REAL UAV THREATS TO THE OIL AND GAS INDUSTRY […]

FOR308 is now available OnDemand, read more about it here! Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Mobile forensics: how to identify suspect network traffic Dr. Neal Krawetz at ‘The Hacker Factor Blog’iPhone Pictures Tegan Parsons at First ResponseThe evidence shows that… Vishva Vaghela at Hacking ArticlesComprehensive Guide on Autopsy Tool (Windows) […]

Bill Stearns at Active CountermeasuresWhere Do I Put My Zeek Sensor? Andrea Fortuna at ‘So Long, and Thanks for All the Fish’How to extract forensic artifacts from Linux swap Atropos4n6Are you sure you extract all the available Volume Serial Numbers (VSNs) that reside in the Windows 10 Event Log “Microsoft-Windows-Partition%4Diagnostic.evtx”? Blue Team BlogSIEM – Use […]

Chris at AskCleesSQLite Databases at hex level Craig Ball at ‘Ball in your Court’The Metadata Vanishes DFIR Review How Android Bluetooth Connections Can Determine if a Driver had Their Hands on the Wheel During an Accident Can Google Takeout Location Data Be Trusted? How to Use iOS Bluetooth Connections to Solve Crimes Faster Can You […]

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Linux Forensics: Memory Capture and Analysis Heather Mahalik at CellebriteHow To Use Cellebrite Physical Analyzer’s New Cloud Feature Dany at DigitellaWireshark for Network Forensics! Deepak KumarDigital Forensics Corner 1 Elcomsoft iOS 14.2, iOS 12.4.9, the Updated checkra1n 0.12 Jailbreak and File System Extraction Elcomsoft and […]

Heather Mahalik at CellebriteHow To Isolate And Filter Volume Shadow Copies In Cellebrite Blacklight Chris HoganDigital Forensic Efficiencies and Effectiveness with AWS and Open Source Elcomsoft Breaking Intuit Quicken and QuickBooks Passwords in 2021 Protecting iMessage Communications Forensic Focus Research Roundup: Communicating Uncertainty In Digital Forensics Results Automated Control Logic Forensics In Industrial Control Systems […]