Andrea Fortuna at ‘So Long, and Thanks for All the Fish’If you’re a fan of Volatility, you’ll love CrowdStrike’s SuperMem Atomic MatryoshkaAutoRun Malware: Why your computer is summoning dark lords after you plugged in that parking lot USB Dr. Brian Carrier at Cyber TriageCyber Triage on Google Cloud: DFIR in the Cloud Forensafe Investigating Sticky […]

Dr. Neal Krawetz at ‘The Hacker Factor Blog’Proving it now Robert Graham at Errata SecurityFact check: that “forensics” of the Mesa image is crazy Forensafe Investigating Typed Paths Solving HireMe Challenge with ArtiFast Windows Investigating Typed URLs İbrahim BaloğluDosya Tarih Manipülasyonu ve Tespiti (Anti -Forensics & Forensics) Kevin Pagano at Stark 4N6Samsung Power Off Reset […]

BohopsAnalyzing and Detecting a VMTools Persistence Technique CellebriteComputer Forensics: What Can You Do About Deleted Data? Kamala Kannan at CheckmateWindows Timeline: Putting the what & when together Craig Wilson at Digital DetectiveForensic Analysis of the Zone.Identifier Stream Brendan MccreeshSwimming in the SRUM Forensafe Investigating Outlook Windows Application Investigating Paint MRU Investigating Windows Calendar Forensic-Research [논문리뷰] […]

BlueteamOpsSuper Charging Bulk DFIR triage with Node-RED, Google Log2timeline & Google Timesketch Forensafe Investigating UserAssist Investigating Google Chrome Web Browser Investigating Windows Run MRU Forensic-ResearchLNK File Structure Analysis Howard Oakley at ‘The Eclectic Light Company’Explainer: Logs InginformaticoForensic challenge losprys I: Presentation, tools and techniques [ENG] Jesse Spangenberger at ‘Cyber Fenix DFIR & Technology’CTF01: Cyberdefenders.org Joshua […]

Irfan Shakeel at AT&T CybersecurityNetwork traffic analysis using Wireshark Amina Zilic at BinalyzeAugust 2021 Binalyze Product Updates Dr. Neal Krawetz at ‘The Hacker Factor Blog’The Bayer Method Elcomsoft How to Put an iOS Device with Broken Buttons in DFU Mode Cloud Forensics: the New Reality Forensafe Investigating Thunderbird Windows Application Investigating RecentDocs MRU Inginformatico Reto […]

Cado SecurityThe Ultimate Guide to Docker & Kubernetes Forensics Dr. Neal Krawetz at ‘The Hacker Factor Blog’With Strings Attached Oleg Afonin at ElcomsoftForensic Implications of Sleep, Hybrid Sleep, Hibernation, and Fast Startup in Windows 10 Forensafe Investigating AmCache Investigating Foxit Reader InginformaticoReto forense losprys I — Presentación, herramientas y técnicas Junhyeong Lee at Plainbit [TIP#1] Microsoft defender […]

ArcPoint ForensicsmacOS Forensic Artifacts BelkasoftSignal decryption with Belkasoft X Cado SecurityYour Questions Answered: Cloud & Kubernetes Memory Forensics Forensafe Investigating Shellbags Investigating Opera Web Browser Shusei Tomonaga at JPCERT/CCHow to Use Volatility 3 Offline Magnet ForensicsAnatomy of A Ransomware Investigation Rory WagnerPart 1: Memory and Volatility Security Onion Quick Malware Analysis: malware-traffic-analysis.net data exfiltration exercise […]

eCrimeLabs“Analysis of competing hypotheses” to the rescue in incident response cases Erik Hjelmvik at NetresecCarving Packets from Memory Forensafe Investigating Facebook Messenger Windows Application Investigating Logon Banner Andrea Canepa at Zena ForensicsMcAFuse – open source McAfee FDE decryption Mike Cohen at VelocidexEvent Tracing For Windows Oxygen ForensicsGeoData Security Onion Quick Malware Analysis: malware-traffic-analysis.net BazaCall-BazaLoader pcap […]

Andrew RathbunDFIRMindMaps Andrew Rathbun and Josh Mitchell at Kroll Diving Deeper into EventTranscript.db Enabling EventTranscript.db: Windows Settings EventTranscript.db and Security Events Diagnostic Data Viewer Overview Navigating EventTranscript.db With Diagnostic Data Viewer Forensic Quick Wins With EventTranscript.DB: Microsoft.Windows.ClipboardHistory.Service Tony Knutson at AboutDFIRSOF-ELK and Integration with KAPE Atomic MatryoshkaPesky Persistence: How “Turning It Off and On Again” […]

ArcPoint ForensicsBitlocker Detection From The Command Line Arman Gungor at MetaspikeTrusted Timestamping (RFC 3161) in Digital Forensics Amina Zilic at BinalyzeDRONE: Generic Webshell Analyzer Elcomsoft Apple Watch Forensics: The Adapters NAS Forensics: TrueNAS Encryption Overview Forensafe Investigating Adobe Acrobat Reader Solving Lost Flash Drive Challenge with ArtiFast Windows InfoSec Write-upsBasic Splunk 101 Walkthrough Tryhackme Kevin […]