Lee has opened up nominations for the 2022 Forensic 4Cast Awards. This means that people can start nominating folks this year!2022 Forensic 4:cast Awards – Nominations are Open! Bob RudisAcoustic: Solving a CyberDefenders PCAP SIP/RTP Challenge with R, Zeek, tshark (& friends) DFIR ReviewMissing SQLite Records Analysis Forensafe Investigating Brave Web Browser Investigating OpenSaveMRU InfoSec […]

Thanks to everyone that voted for this site for “Resource of the Year”. Congratulations to all of the winners!2021 Forensic 4:cast Awards – Results Alexis Brignoni at ‘Initialization Vectors’vLEAPP – Vehicle Logs Events And Properties Parser Howie Shia at Amnesty InternationalForensic Methodology Report: How to catch NSO Group’s Pegasus Bill Marczak, John Scott-Railton, Siena Anstis, […]

Last week to get your votes in for the Forensic 4Cast Awards! If you haven’t voted yet, you can votes here: don’t delay! While I would love to win an award again, getting nominated as a top resource for the community is definitely something to be proud of (this will be my fifth year getting […]

Kroll Forensically Unpacking EventTranscript.db: An Investigative Series EventTranscript.db Research Parsing Diagnostic Data With Powershell and Enhanced Logging Parsing EventTranscript.db With KAPE and SQLECmd Forensic Quick Wins With EventTranscript.DB: Win32kTraceLogging EventTranscript.db vs .rbs Files and Their Relation to DiagTrack Andrea Fortuna at ‘So Long, and Thanks for All the Fish’Some thoughts about Stuxnet B. Krishna Sai […]

Brendan Bone at AccessDataHow to run FTK Imager from a flash drive (Imager Lite) Dr. Neal Krawetz at ‘The Hacker Factor Blog’Up to your knees in alterations Forensafe Investigating UC Web Browser Investigating Windows OneDrive Kevin Pagano at Stark 4N6Turbo Pt. 3 – Device Health Services Application Usage Maxim SuhanovShadow copies become less visible Not […]

Alex Caithness at CCLChromium Session Storage and Local Storage BelkasoftBelkasoft CTF June 2021: Write-up CrowdStrikeResponse When Minutes Matter: Falcon Complete Disrupts WIZARD SPIDER eCrime Operators DFIR ReviewUpgrade From NULL—Detecting iOS Wipe Artifacts Forensafe Investigating User Accounts Investigating Zoom Joshua Hickman at ‘The Binary Hick’Apple’s Find My & iCloud’s Throne of Lies Kevin Pagano at Stark […]

Amber Schroader at Paraben CorporationTikTok Smartphone Evidence Marco Fontani at AmpedHow Can I View and Show the Date and Time of a CCTV Video File? AmrChapter 7 – Registry Analysis Chris Vance at ‘D20 Forensics’ iOS – Tracking Device Migration Android – Tracking Device Migration Oleg Afonin at Elcomsoft Analyzing Microsoft Timeline, OneDrive and Personal […]

Paul Masek at 4sysopsUsing the Convert-EventLogRecord function alongside the Get-WinEvent PowerShell cmdlet to search Windows event logs AcelabThe PC-3000 Mobile: the Support of Per-File Encryption for the F2FS File System Korstiaan Stam at Cloud ResponseCyberDefenders – Series (Malware Traffic Analysis 3 – Packet Analysis) Patrick Bennett at CrowdStrikeUAL Thank Us Later: Leveraging User Access Logging […]

Marco Fontani at AmpedHow Can I Find Which Are CCTV Video Files on a USB Drive? Andrea Fortuna at ‘So Long, and Thanks for All the Fish’dfir_ntfs: a forensic parser for NTFS filesystems DS4N6[NEWS]  DAISY documentation updated, including Demo version precooked content and RAM configurations Elcomsoft Password Crackers’ Gold Mine: Browser Passwords Breaking VeraCrypt: Obtaining […]

Voting for the annual Forensic 4cast Awards has opened! Thank you Lee for your tireless efforts yet again. Congratulations to everyone that was nominated for an award, and thank you everyone for nominating this website as one of the “Resource of the Year” finalists, against very worthy competition. Of course, I’d be happy to take […]