FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog shows the affects some file actions have on an NTFS MFT record’s Fixup value and update sequence. Fixup と Update Sequence Number Adam Harrison at 1234n6 walks through the process of rebuilding a hardware RAID in Encase 7/8. As a side note, Adam wrote this post […]
A monthly wrap-up of the DFIR news for January 2018. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. If you get a little bit of value from the show, then I appreciate those that decide to give a little back. Alternatively, it would be great if […]
For anyone in Sydney, I’ve started a Google Group for those in DFIR to meet up every so often and have a drink. If you want to join just submit a request, it’s open to all. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog looks at the relationship between $INDEX_ALLOCATION (0xA0) and the Virtual […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog takes a look at the $BITMAP attribute of a folder. Folderと$BITMAP (0xB0) Dan Pullega at 4n6k looks into an unknown entry in the debugfs stat output on Linux ext4. Forensics Quickie: Methodology for Identifying Linux ext4 Timestamp Values in debugfs `stat` Command Digital Forensics Corp shared […]
FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog took a look at the Win10 Thumbnail index database, thumbcache_idx.db. Win10 と Thumbnail Index Brian Maloney stumbled across a Windows event log, Microsoft-Windows-MBAM/Operational, that tracks RemovableDriveMounted and RemovableDriveDismounted (event ID 39 and 40) Check out @bmmaloney97’s Tweet There were a few posts on the Cyber Forensicator […]
Happy New Year! It was a bit hectic last week posting a few times on New Year’s Eve; in case you missed it, I posted my monthly podcast episode, as well as a wrap up for the year. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog posted a couple of times this week The […]
Another year has passed! I figured I did a wrap-up post last year so I decided I would do it again. (Most people relax on Sundays right? I wonder what that’s like…) This year has been as interesting as last year from a personal growth and development perspective. I decided to change a few things about […]
A monthly wrap-up of the DFIR news for December 2017. Thank you to those Patreon donors for the last month. I decided to go with the value-for-value model rather than advertising. If you get a little bit of value from the show, then I appreciate those that decide to give a little back. Alternatively, it would be great if […]
Last weekly post for the year! It’s both good and bad that the year ends on a Sunday. It does round things off nicely, but it also means that I have a podcast to put together next. Thank you to everyone that reads this every week, and also shares it around with others. I really […]
Merry Christmas and Happy Holidays! Hope everyone’s enjoying their break…although the last couple weeks have been 120+ links shared a week, and this week is no exception. FORENSIC ANALYSIS Hideaki Ihara at the Port 139 blog uses eventlogedit to delete an Event Log record. EventLogとEVTX There were a few posts by the guys at Cyber […]
