Week 46 – 2017

Just to start, I’ve signed up to Amazon’s Affiliate program so if you click on the Amazon links I’ll get a referral bonus. That being said, I’m going to be providing the non-referral link, as well, for anyone that wants to use that. Also, apologies for the formatting and if some posts from the week […]

Week 45 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at the effect on a file/folder’s MFT entry when sdelete is used. Win 10 と sdelete Oleg Skulkin and Igor Mikhaylov at Cyber Forensicator take a look at a few artefacts on OSX that may assist in identifying files copied to a connected volume. They […]

Week 44 – 2017

Just wanted to say thanks first up to the Patreon donors for the latest podcast episode. For those that didn’t see last week’s post, I’ll be donating the proceeds from this month’s show to the Lifehouse cancer research and treatment centre. FORENSIC ANALYSIS Dan Pullega at 4n6k posts how he identified the answer to a […]

THIS MONTH IN 4N6 – October – 2017

A monthly wrap-up of the DFIR news for October 2017. Any Patreon donations this month will be donated to Lifehouse in memory of my late colleague John. I’m also going to move the show notes over to the Patreon page. Special thanks to my friend Jeff (Animatic on Soundcloud) for letting me use one of his tracks. Thanks for […]

Week 43 – 2017

I wanted to start this post slightly differently; last week a colleague lost his fight with cancer – he was one of the founding members of the organisation that I work at, and the lack of his presence will be noticed across the command. Some people have been very kind to donate to my work on […]

Week 42 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog creates a test file on an NTFS file system to see how the $LogFile is populated. $LogFile (1) Adam Harrison at 1234n6 continues his investigation into the Windows subsystem for Linux. After a recent update, Adam was able to confirm that “an individual user can install […]

Week 41 – 2017

FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks into the USN Journal on NTFS. He creates a test file and monitors what happens to the journal. $JとUSN Hideaki also takes a look at the ‘enablerangetracking’ feature of the fsutil command on Win10. USN と range tracking Adam Harrison at 1234n6 took a look […]