Angry-Bender’s blog houseDFIR Playbook – Windows Forensics(WIP APR21) John Walther at Carpe IndiciumCleaner Office365 logs with Excel and Magnet Custom Artifact Generator Heather Mahalik at CellebriteUFED Fundamentals Matter – You Asked, We Answered Dexter Morgan at Data ForensicsHow to Find Who Deleted Records in SQL Server? Perfect Workarounds Dr. Neal Krawetz at ‘The Hacker Factor […]

Alexis BrignoniIdentifying the Android Operating System Version thru UsageStats Didier StevensQuickpost: Decrypting Cobalt Strike Traffic Forensafe Investigating Windows Services Investigating Internet Explorer Web Browser Kyle SongBlog #28: IPv6 in TeamViewer(v15) part 2. [EN] Jamie McQuaid at Magnet ForensicsVirtualizing Your Forensics Lab in the Cloud Part 5: Securing Your Evidence in Microsoft Azure Meisam Eslahi at […]

Lukasz D at Compass SecurityStraightforward Mobile Forensics DS ToolsWhatsApp in Plain Sight: Where and How You Can Collect Forensic Artifacts DS4N6 The DS-DFIR (Data Science for DFIR) Trip Starts… Jump In! Try the ds4n6_lib in the Cloud in minutes What is the DS4N6 Library (ds4n6_lib)? New DS4N6 library (ds4n6_lib) released! Erik Hjelmvik at NetresecAnalysing a […]

Alexis Brignoni at ‘Initialization Vectors’Android version without the build.props file SANSFOR509: Enterprise Cloud Forensics and Incident Response Barnaby SkeggsLSASS.DMP… Attacker or Admin? James Smith at DFIR MadnessCase 001 Super Timeline Analysis Kevin Pagano at Stark 4N6 BloomCon 0x05 Networks CTF – Who Am I? (Challenge 1) BloomCON 0x05 Networks CTF – Exfiltration Investigation (Challenge 2) […]

Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Android Triage: a really useful forensic tool by Mattia Epifani BelkasoftInvestigating the Dropbox Desktop App for Windows with Belkasoft X Dr. Neal Krawetz at ‘The Hacker Factor Blog’All Spam All The Time Oleg Afonin at ElcomsoftBreaking RAR5 and 7Zip Passwords Kevin Pagano at Stark 4N6BloomCon […]

Arman Gungor at MetaspikeInvestigating Message Read Status in Gmail & Google Workspace Brian MaloneyYour AV is Trying to Tell You Something: Registry CCL SolutionsUpdated RabbitHole software sets new standard for forensic data exploration tools David Via and Scott Runnels at Fire Eye Threat ResearchBack in a Bit: Attacker Use of the Windows Background Intelligent Transfer […]

Jason Jordaan, one of my FOR308 co-authors, needs your help! Please fill out the survey on DFIR fundamentals below (and go in the draw to win a $250 Amazon voucher).Survey Now Open: 2021 SANS Digital Forensics Survey: Digital Forensics Essentials and Why Foundations Matter Abhiram KumarWhat App Is On Fire? – Securinets Quals 2021 Marco […]

I ran a webcast last month on getting started in DFIR by testing, and walked through a few different scenarios. Minor bump at the beginning with my VM dying, but at least we knew it was live! I took some parts of my FOR308 and FOR500 material to create this talk, where the premise is […]

Alexis BrignoniCheck out @AlexisBrignoni’s Tweet Brian MaloneyYour AV is Trying to Tell You Something: VBN’s Part 3 Brendan MccreeshData Exfiltration via ConnectWise Control (formerly ScreenConnect) James Smith at DFIR MadnessTriage Disk Analysis Case 001 Lukasz Olszewski at CyberushSuper timeline initial triage with Jupyter and Pandas Meisam Eslahi at Cyber Security HubBlue Team-System Live Analysis [Part […]

Nominations for the 4Cast Awards have opened again! Get your nominations in early!Lee has done a fantastic job for over a decade getting this together and his work is very much appreciated.Please make sure you nominate everyone who had an impact on you throughout 2020 to show your appreciation for them!2021 Forensic 4:cast Awards – […]