Adam Cohen Hillel at Cado SecurityCado + GPT-3: Interactive Incident Response Digital Forensics Myanmar SQLite Database  Forensics (Note) eCDFP Module (5) File System Analysis (Part-11)  (NTFS File System Analysis) Doug Metz at Baker Street ForensicsKAPE batch mode, ARM Memory, updates to CSIRT-Collect, and all the things I learned along the way. Oleg Afonin at ElcomsoftForensically […]

Ali HadiAnit-Forensics Brian Carrier at Cyber TriageAnalyzing KAPE DFIR Artifacts in Cyber Triage Dany at DigitellaCyberDefenders HoneyBOT Challenge Write-up Derek EiriRetrieving Registry Values to Decrypt Files Protected with DDPE Dr. Neal Krawetz at ‘The Hacker Factor Blog’An Itty Midi Mystery Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part […]

Adam at HexacornExcelling at Excel, Part 3 Emi Polito at AmpedMeasuring in a Scene: What Filters to Use in Amped FIVE? Cado SecurityCase Study: Responding to an Attack in AWS Craig Ball at ‘Ball in your Court’Not So Fine Principle Nine Dany at DigitellaCyberDefenders PCAP Or It Didn’t Happen Challenge Write Up Domiziana FotiLetsDefend-SOC163 — Suspicious Certutil.exe […]

AbdulRhman Alfaifi at U0041Exploring Windows Artifacts : $Security Artifact Catie WalshSysInternals Case Write Up Dany at DigitellaUsing Powershell To Enumerate Information on Windows Defender and Firewalls Digital Forensics MyanmarBitLocker Decryption Methods Dr. Tristan Jenkinson at ‘The eDiscovery Channel’The Importance of Data that Doesn’t Exist – Part One (Timelines) Oleg Afonin at ElcomsoftiOS 15.5 Low-Level Keychain […]

Andrew Rathbun at AboutDFIR New Windows 11 Pro (22H2) Evidence of Execution Artifact! DFIR FYI: Security:4624 has been updated in Windows 11 Pro (22H2) Abdul ShareefDFIR-Resources Adam at HexacornExcelling at Excel, Part 1 Austin Songer at ‘Songer Tech’Evidence Gathering Recommendation: Adding TimeStamp To Screenshots BelkasoftNIST tested Belkasoft support for SQLite data recovery James McGee at […]

Welcome to 2023! I wrote a 2022 Wrap Up! Oleg Afonin at Elcomsoftcheckm8 for iOS 16.2 and Windows-based iOS Low-Level Extraction Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 18 – Decryption 2022 APFS Advent Challenge Day 20 – Snapshot Metadata 2022 APFS Advent Challenge Day 21 – Fusion Containers 2022 APFS Advent Challenge […]

And that’s a wrap for 2022! Things returned a lot more to normal down in Sydney, with pretty much all restrictions being lifted. We have seen a bit of an increase in COVID cases recently, and it seems almost everyone is getting it now (or again) – thankfully almost all the cases seem to be […]

CTF导航Cyberdefenders蓝队-恶意软件流量分析3 Dr. Neal Krawetz at ‘The Hacker Factor Blog’Weird Science ForensafeInvestigating Window Kaspersky Antivirus Howard Oakley at ‘The Eclectic Light Company’Rolling logs and anti-malware scans Jason Wilkins at ‘Noob to Pro Forensics’Drive Geometry, File Systems, and How Criminals Hide Data Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 13 – Data Streams 2022 APFS […]

Active CountermeasuresHunting Windows Event Logs Oleg Afonin at ElcomsoftWindows Account Passwords: Why and How to Break NTLM Credentials ForensafeInvestigating Window Google Drive Karthikeyan Nagaraj at InfoSec Write-ups Advent of Cyber 2022 [Day 11]-Memory Forensics-Not all gifts are nice Write up Advent of Cyber 2022 [Day 14]-Packet Analysis | Simply having a wonderful pcap time — Simple Write… […]

CyberJunnkiePhishing Email Challenge by LetsDefend Joseph Moronwi at Digital InvestigatorMalware Threat Hunting With Volatility ForensafeInvestigating Android Sygic Fallen sky at InfoSec Write-upsEmail analysis : avoid phishing attacks Joe T. Sylve, Ph.D. 2022 APFS Advent Challenge Day 3 – Containers 2022 APFS Advent Challenge Day 4 – NX Superblock Objects 2022 APFS Advent Challenge Day 5 – […]