Week 25 – 2017

Another week of links only; hoping to return to scheduled programming next week but depends on how I go with the travel/jet lag. Spent the last few days with some awesome people at the SANS DFIR Summit; learnt a lot, met a lot of people, and overall had a great time. Unfortunately didn’t win the […]

Week 24 – 2017

Taking a break this week (and probably next week too) so no summaries, just links 🙂 FORENSIC ANALYSIS Amped Software Understanding how online services change images Articles Turning the Investigations Dial Toward Practice Over Theory Atola Technology Creating a logical image of a source drive Between Two DFIRns CyberChef: Example DFIR Use Cases Compass Security […]

Week 23 – 2017

FORENSIC ANALYSIS The guys at Cyber Forensicator had a couple of posts this week. They shared a paper by Baljit Singh, Dmitry Evtyushkin, Jesse Elwell, Ryan Riley, and Iliano Cervesato titled “On the Detection of Kernel-Level Rootkits Using Hardware Performance Counters” from the 2017 ACM on Asia Conference on Computer and Communications Security. On the […]

Week 22 – 2017

Voting has closed for the 4Cast award, thanks for the votes! I’ll be attending the DFIR Summit where the awards are given out this year. Hopefully, the next time I post about this it will be a picture of the prize! FORENSIC ANALYSIS Albert Barsocchini and Sam Maccherola at AccessData list three challenges when extracting […]

Week 21 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 Only a few more days to go till voting closes too. 2017 Forensic 4:cast Awards – Voting FORENSIC ANALYSIS Luis Rocha at Count Upon Security talks about the USNJrnl artefact on NTFS, and how […]

Week 20 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 2017 Forensic 4:cast Awards – Voting FORENSIC ANALYSIS The guys at Cyber Forensicator shared a couple of articles this week. They shared a paper by Abdulalem Ali, Shukor Abd Razar, Siti Hajar Othman, Arafat […]

Week 19 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 2017 Forensic 4:cast Awards – Voting FORENSIC ANALYSIS The guys at Cyber Forensicator have shared the news that Joseph Muniz and Aamir Lakhani’s book, titled “Investigating the Cyber Breach: The Digital Forensics Guide for […]

Week 18 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 2017 Forensic 4:cast Awards – Voting UPCOMING WEBINARS In self-promotion news (yes, I moved this section to the top of the site this week ;)), I will be presenting a SANS webcast on Thursday […]

Week 17 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 2017 Forensic 4:cast Awards – Voting FORENSIC ANALYSIS As an update to a post by Mari, there’s been a bit of talk about a newly located registry subkey that indicates the actual install date […]

Week 16 – 2017

If you’d like to vote this site for the Forensic 4cast blog of the year, that would be greatly appreciated 🙂 2017 Forensic 4:cast Awards – Voting FORENSIC ANALYSIS Jonas Plum has started to reverse engineer the new Apple File System (APFS) and shares his research. APFS filesystem format  The guys at Cyber Forensicator shared […]