Cado SecurityThe Ultimate Guide to Docker & Kubernetes Forensics Dr. Neal Krawetz at ‘The Hacker Factor Blog’With Strings Attached Oleg Afonin at ElcomsoftForensic Implications of Sleep, Hybrid Sleep, Hibernation, and Fast Startup in Windows 10 Forensafe Investigating AmCache Investigating Foxit Reader InginformaticoReto forense losprys I — Presentación, herramientas y técnicas Junhyeong Lee at Plainbit [TIP#1] Microsoft defender […]

ArcPoint ForensicsmacOS Forensic Artifacts BelkasoftSignal decryption with Belkasoft X Cado SecurityYour Questions Answered: Cloud & Kubernetes Memory Forensics Forensafe Investigating Shellbags Investigating Opera Web Browser Shusei Tomonaga at JPCERT/CCHow to Use Volatility 3 Offline Magnet ForensicsAnatomy of A Ransomware Investigation Rory WagnerPart 1: Memory and Volatility Security Onion Quick Malware Analysis: malware-traffic-analysis.net data exfiltration exercise […]

eCrimeLabs“Analysis of competing hypotheses” to the rescue in incident response cases Erik Hjelmvik at NetresecCarving Packets from Memory Forensafe Investigating Facebook Messenger Windows Application Investigating Logon Banner Andrea Canepa at Zena ForensicsMcAFuse – open source McAfee FDE decryption Mike Cohen at VelocidexEvent Tracing For Windows Oxygen ForensicsGeoData Security Onion Quick Malware Analysis: malware-traffic-analysis.net BazaCall-BazaLoader pcap […]

Andrew RathbunDFIRMindMaps Andrew Rathbun and Josh Mitchell at Kroll Diving Deeper into EventTranscript.db Enabling EventTranscript.db: Windows Settings EventTranscript.db and Security Events Diagnostic Data Viewer Overview Navigating EventTranscript.db With Diagnostic Data Viewer Forensic Quick Wins With EventTranscript.DB: Microsoft.Windows.ClipboardHistory.Service Tony Knutson at AboutDFIRSOF-ELK and Integration with KAPE Atomic MatryoshkaPesky Persistence: How “Turning It Off and On Again” […]

ArcPoint ForensicsBitlocker Detection From The Command Line Arman Gungor at MetaspikeTrusted Timestamping (RFC 3161) in Digital Forensics Amina Zilic at BinalyzeDRONE: Generic Webshell Analyzer Elcomsoft Apple Watch Forensics: The Adapters NAS Forensics: TrueNAS Encryption Overview Forensafe Investigating Adobe Acrobat Reader Solving Lost Flash Drive Challenge with ArtiFast Windows InfoSec Write-upsBasic Splunk 101 Walkthrough Tryhackme Kevin […]

BelkasoftHow to acquire data from an Android device using APK downgrade method ForensafeInvestigating Signal with ArtiFast Signal Kevin Pagano at Stark 4N6May I Ask Who’s Calling – Google Call Screen Matt Lombana at PraetorianHow to improve your Incident Response (IR) with Live Response Security Onion Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-05-26 Quick Malware Analysis: […]

Forensafe Investigating LastVisitedMRU Investigating Google Drive InfoSec Write-upsAutopsy Walkthrough Tryhackme Kevin Pagano at Stark 4N6Google Duo – Android & iOS Forensic Analysis Microsoft 365 SecurityDFIR: Windows and Active Directory Attacks and Persistence Doug Burks at Security Onion Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-03 Quick Malware Analysis: malware-traffic-analysis.net pcap from 2021-06-02 Quick Malware Analysis: malware-traffic-analysis.net […]

Lee has opened up nominations for the 2022 Forensic 4Cast Awards. This means that people can start nominating folks this year!2022 Forensic 4:cast Awards – Nominations are Open! Bob RudisAcoustic: Solving a CyberDefenders PCAP SIP/RTP Challenge with R, Zeek, tshark (& friends) DFIR ReviewMissing SQLite Records Analysis Forensafe Investigating Brave Web Browser Investigating OpenSaveMRU InfoSec […]